Drift Protocol suffered a $280–285M theft attributed to UNC4736 (Labyrinth Chollima) after a six-month social engineering and supply chain operation that culminated in a Security Council administrative takeover and a 12-minute fund drain. No CVEs are associated with the incident: the attack exploited governance process failures, compromised developer tooling, and the absence of identity verification for privileged roles, rather than patchable software defects. Organizations operating DeFi protocols or multi-sig governance structures should immediately audit signer composition, implement hardware security keys for all governance roles, and enforce isolation of developer workstations from key material.