TechFlow News: On April 2, according to on-chain analyst Aryan (@_0xaryan), the Drift Protocol treasury was recently drained. The attacker’s address [HkG...ZES] received its initial funds via Near Intents eight days ago and remained dormant thereafter—until it suddenly withdrew a large sum from the Drift treasury.
Regarding fund flow, the attacker transferred assets to multiple money-laundering addresses (including 8ub...Gxw, among others). All these addresses received funds via the Backpack wallet one day prior to the incident. Subsequently, the launderer used the cross-chain protocol Wormhole to move the funds to an Ethereum address whose funding source traces back to Tornado Cash.
In response, Armani Ferrante, co-founder of Backpack, confirmed that the fund flow did not follow a direct “Backpack → Attacker” path, but rather an indirect route: “Backpack → Non-attacker (cross-chain intent solver) → Attacker.” Ferrante added that verification with the relevant account holders has been completed.
