How a Solana feature designed for convenience let attackers drain more than $270 million from Drift
The exploit did not involve a bug in Drift's code. It used "durable nonces," a legitimate Solana transaction feature, to pre-sign administrative transfers weeks before executing them, bypassing the protocol's multisig security in minutes.
How a Solana feature designed for convenience let attackers drain more than $270 million from Drift
The exploit did not involve a bug in Drift’s code. It used “durable nonces,” a legitimate Solana transaction feature, to pre-sign administrative transfers weeks before executing them, bypassing the protocol’s multisig security in minutes.
An attacker drained at least $270 million from the Drift Protocol on Solana by abusing a legitimate feature called ‘durable nonces,’ rather than exploiting a code bug or stolen keys.
By securing two misleading approvals from Drift’s five-member Security Council multisig, the attacker pre-signed transactions that remained valid for more than a week and then used them to seize protocol-level control in minutes.
The theft, which affected all user deposits on Drift and routed funds through NEAR, Backpack, Wormhole and Tornado Cash, underscores how social engineering and operational failures—especially around durable nonce handling—are becoming a leading threat vector in DeFi.
Instead, an attacker used a legitimate Solana feature, ‘durable nonces,’ to trick Drift’s security council into pre-approving transactions that would be executed weeks later, at a time and in a context the signers never intended.
The result was a drain of at least $270 million that took less than a minute to execute but more than a week to set up.
What durable nonces are and why they exist
On Solana, every transaction includes a ‘recent blockhash,’ essentially a timestamp that proves the transaction was created recently. That blockhash expires after about 60 to 90 seconds. If the transaction is not submitted to the network within that window, it becomes invalid. This is a safety feature and helps prevent old, stale transactions from being replayed later.
Durable nonces override that safety feature. They replace the expiring blockhash with a fixed ‘nonce,’ a one-time code stored in a special onchain account, that keeps the transaction valid indefinitely until someone chooses to submit it.
The feature exists for legitimate reasons. Hardware wallets, offline signing setups, and institutional custody solutions all need the ability to prepare and approve transactions without being forced to submit them within 90 seconds.
But indefinitely valid transactions create a problem. If one can get someone to sign a transaction today, it can be executed next week or next month, per the system’s hardcoded rules. The signer has no way to revoke their approval once it is given, unless the nonce account is manually advanced, which most users do not monitor.
How the attacker used them
Drift’s protocol was governed by a ‘Security Council multisig,’ a system in which multiple people (in this case, five) share control, and any action requires at least two of them to approve. Multisigs are a standard security practice in DeFi, where the idea is that compromising a single person is not enough to steal funds.
But the attacker did not need to compromise anyone’s keys. All they needed were two signatures, and they appear to have obtained them through what Drift describes as “unauthorized or misrepresented transaction approvals,” meaning the signers likely thought they were approving a routine transaction.
On March 23, four durable nonce accounts were created. Two were associated with legitimate Drift Security Council members. Two were controlled by the attacker. This means the attacker had already obtained valid signatures from two of the five council members, locked into durable nonce transactions that would not expire.
On March 27, Drift executed a planned Security Council migration to swap out a council member. The attacker adapted. By March 30, a new durable nonce account appeared, tied to a member of the updated multisig, indicating the attacker had re-obtained the required two-of-five approval threshold under the new configuration.
On April 1, the attacker executed.
First, Drift ran a legitimate test withdrawal from its insurance fund. Approximately one minute later, the attacker submitted the pre-signed durable nonce transactions. Two transactions, four slots apart on the Solana blockchain, were enough to create and approve a malicious admin transfer, then approve and execute it.
Within minutes, the attacker had full control of Drift’s protocol-level permissions. They used that control to introduce a fraudulent withdrawal mechanism and drain the vaults.
What was taken and where it went
Onchain researchers tracked the fund flows in real time. The breakdown of stolen assets, compiled by security researcher Vladimir S., totaled roughly $270 million across dozens of tokens.
The largest single category was $155.6 million in JPL tokens, followed by $60.4 million in USDC, $11.3 million in CBBTC (Coinbase wrapped bitcoin), $5.65 million in USDT, $4.7 million in wrapped ether, $4.5 million in DSOL, $4.4 million in WBTC, $4.1 million in FARTCOIN, and smaller amounts across JUP, JITOSOL, MSOL, BSOL, EURC, and others.
The primary drainer wallet was funded eight days before the attack via NEAR Protocol intents but remained inactive until execution day. Stolen funds were transferred to intermediary wallets that were funded just the day before via Backpack, a decentralized crypto exchange that requires identity verification, potentially giving investigators a lead.
From there, funds moved to Ethereum addresses via Wormhole, a cross-chain bridge. Those Ethereum addresses had been pre-funded using Tornado Cash, the sanctioned privacy mixer.
ZachXBT, a prominent onchain investigator, noted that over $230 million in USDC was bridged from Solana to Ethereum via Circle’s CCTP (Cross-Chain Transfer Protocol) across more than 100 transactions.
He criticized Circle, the centralized issuer of USDC, for not freezing the stolen funds during a six-hour window after the attack began around noon Eastern time.
What was not compromised
What failed was the human layer around the multisig. Durable nonces allowed the attacker to separate the moment of approval from the moment of execution by more than a week, creating a gap in which the context of the signed document no longer matched the context in which it was used.
All deposits into Drift’s borrow-and-lend products, vault deposits, and trading funds are affected. DSOL tokens not deposited in Drift, including assets staked to the Drift validator, are unaffected. Insurance fund assets are being withdrawn and safeguarded. The protocol has been frozen, and the compromised wallet has been removed from the multisig.
As such, this is the third major exploit in recent months that did not involve a code vulnerability. Social engineering and operational security failures, rather than smart contract bugs, are increasingly how money leaves DeFi protocols.
The durable nonce vector is particularly dangerous because it exploits a feature that exists for good reason and is difficult to defend against without fundamentally changing how multisig approvals work on Solana.
The open question, which Drift’s forthcoming detailed postmortem will need to answer, is how two separate multisig members approved transactions they did not understand, and whether any tooling or interface changes could have flagged durable nonce transactions as requiring additional scrutiny.
Most crypto privacy models weaken as blockchain data grows. Encryption-based models like Zcash strengthen. CoinDesk Research maps the five privacy approaches and examines the widening gap.
Why it matters:
As blockchain adoption scales, the metadata available to machine learning models scales with it. Obfuscation-based privacy approaches are structurally degrading as a result. This report provides a comprehensive comparison of all five major crypto privacy architectures and a framework for evaluating which models remain durable as AI capabilities improve.
The Coinbase-engineered agentic commerce protocol x402 has garnered support from a long list of big names like Google, Cloudflare and Stripe.
What to know:
An initial governing body, the x402 Foundation, includes internet services firm Cloudflare and payments giant Stripe, with support from a long list of other big players.
The open-source consortium also includes initial intent and support being expressed by the likes of Amazon Web Services, American Express, Ant International,Visa and Microsoft.
