The Drift Protocol attack was not a hack in the traditional sense.
Nobody found a bug or decrypted a private key. There was also no flash loan exploit or manipulated oracle.
Instead, an attacker used a legitimate feature of Solana, ‘durable nonces’, to trick Drift’s security board into pre-approving transactions that would be executed weeks later, at a time and in a context the signers never intended.
The result was a leak of at least $270 million that took less than a minute to execute but more than a week to prepare.
What are durable nonces and why do they exist?
In Solana, each transaction includes a ‘recent blockhash’, essentially a timestamp proving that the transaction was recently created. That blockhash expires after about 60 to 90 seconds. If the transaction is not sent to the network within that window, it is no longer valid. This is a security feature and helps prevent old and stale transactions from being repeated later.
Durable nonces override that safety feature. They replace the expiring blockhash with a fixed ‘nonce’, a one-time code stored in a special on-chain account, which keeps the transaction valid indefinitely until someone decides to send it.
The feature exists for legitimate reasons. Hardware wallets, offline signing setups, and institutional custody solutions need the ability to prepare and approve transactions without being forced to send them within 90 seconds.
But transactions with indefinite validity create a problem. If you can get someone to sign a transaction today, it can be executed next week or next month, depending on the system’s hard-coded rules. The signer has no way to revoke their approval once granted, unless the nonce account is manually advanced, which most users do not monitor.
How the attacker used them
The Drift protocol was governed by a ‘Multi-Signature Security Council’, a system in which several people (in this case, five) share control, and any action requires the approval of at least two of them. Multi-signatures are a standard security practice in DeFi, where the idea is that compromising a single person is not enough to steal funds.
But the attacker didn’t need to compromise anyone’s keys. All they needed was two signatures, and they appear to have obtained them through what Drift describes as “unauthorized or misrepresented transaction approvals,” meaning the signers likely thought they were approving a routine transaction.
Here’s the timeline Drift posted in a Thursday X post.
On March 23, four durable nonce accounts were created. Two of them were associated with legitimate members of the Drift Security Council. Two of them were controlled by the attacker. This means that the attacker had already obtained valid signatures from two of the five council members, locked in durable nonce transactions that would not expire.
On March 27, Drift executed a planned Security Council migration to change a council member. The attacker adapted. On March 30, a new durable nonce account appeared, linked to a member of the updated multisig, indicating that the attacker had once again achieved the required approval threshold of two out of five under the new setup.
On April 1, the attacker was executed.
First, Drift made a legitimate test withdrawal from its insurance fund. About a minute later, the attacker sent the pre-signed durable nonce transactions. Two transactions, separated by four spaces on the Solana blockchain, were enough to create and approve a malicious admin transfer, then approve and execute it.
Within minutes, the attacker had full control of Drift’s protocol-level permissions. They used that control to introduce a fraudulent withdrawal mechanism and empty the vaults.
What did he take and where did he go?
Onchain researchers tracked fund flows in real time. The breakdown of the stolen assets, compiled by security researcher Vladimir S., amounted to approximately $270 million in dozens of tokens.
The largest single category was $155.6 million in JPL tokens, followed by $60.4 million in USDC, $11.3 million in CBBTC (wrapped bitcoin on Coinbase), $5.65 million in USDT, $4.7 million in wrapped ether, $4.5 million in DSOL, $4.4 million in WBTC, $4.1 million in FARTCOIN and smaller amounts in JUP, JITOSOL, MSOL, BSOL, EURC and others.
The main wallet was funded eight days before the attack through NEAR protocol attempts, but remained dormant until the day of the execution. The stolen funds were transferred to intermediary wallets that were funded just the day before through Backpack, a decentralized crypto exchange that requires identity verification, which could give investigators a clue.
From there, the funds were moved to Ethereum addresses via Wormhole, a cross-chain bridge. Those Ethereum addresses had been pre-funded using Tornado Cash, the permissioned privacy mixer.
ZachXBT, a prominent on-chain researcher, noted that over $230 million worth of USDC was transferred from Solana to Ethereum via Circle’s CCTP (Cross-Chain Transfer Protocol) in over 100 transactions.
He criticized Circle, the centralized issuer of USDC, for not freezing the stolen funds for a six-hour period after the attack began around noon Eastern Time.
The attack was also reminiscent of recent social engineering attempts, using tactics similar to those seen before, according to a social media post by a user who goes by the name ‘Temmy.’ “We’ve seen this before. We’ve seen it many times,” the user said.
“bybit. $1.4 billion. Attacker compromised signing infrastructure and tricked signers into authorizing malicious transactions. Same concept. Social engineering. Not code. Ronin bridge. $625 million. Compromised validation keys. Same story. Cetus protocol. $223 million. Different method but same result. Hundreds of millions gone.” the publication said.
What was not committed
What failed was the human layer around the multisig. Durable nonces allowed the attacker to separate the time of approval from the time of execution by more than a week, creating a gap where the context of the signed document no longer matched the context in which it was used.
All deposits in Drift lending and borrowing products, vault deposits, and trading funds are affected. DSOL tokens not deposited in Drift, including assets staked in the Drift validator, are not affected. Insurance fund assets are withdrawn and protected. The protocol was frozen and the compromised wallet was removed from the multisig.
As such, this is the third major exploit in recent months that does not involve a code vulnerability. Social engineering and operational security flaws, rather than smart contract bugs, are increasingly how money leaves DeFi protocols.
The durable nonce vector is particularly dangerous because it exploits a feature that exists for a good reason and is difficult to defend without fundamentally changing how multi-signature approvals work in Solana.
The open question, which Drift’s upcoming detailed post-mortem will need to answer, is how two separate multi-signature members approved transactions they didn’t understand, and whether any changes to the tools or interface could have flagged long-lived nonce transactions as requiring additional scrutiny.
Read more: North Korean hackers likely behind $286 million Drift Protocol exploit
