Here is how Drift attackers drained more than $270 million using a Solana feature designed for convenience

The attack on Drift Protocol was not a hack in the traditional sense.

Nobody found a bug or cracked a private key. There wasn’t a flash loan exploit or manipulated oracle either.

Instead, an attacker used a legitimate Solana feature, ‘durable nonces,’ to trick Drift’s security council into pre-approving transactions that would be executed weeks later, at a time and in a context the signers never intended.

The result was a drain of at least $270 million that took less than a minute to execute but more than a week to set up.

What durable nonces are and why they exist

On Solana, every transaction includes a ‘recent blockhash,’ essentially a timestamp that proves the transaction was created recently. That blockhash expires after about 60 to 90 seconds. If the transaction is not submitted to the network within that window, it becomes invalid. This is a safety feature and helps prevent old, stale transactions from being replayed later.

Durable nonces override that safety feature. They replace the expiring blockhash with a fixed ‘nonce,’ a one-time code stored in a special onchain account, that keeps the transaction valid indefinitely until someone chooses to submit it.

The feature exists for legitimate reasons. Hardware wallets, offline signing setups, and institutional custody solutions all need the ability to prepare and approve transactions without being forced to submit them within 90 seconds.

But indefinitely valid transactions create a problem. If one can get someone to sign a transaction today, it can be executed next week or next month, per the system’s hardcoded rules. The signer has no way to revoke their approval once it is given, unless the nonce account is manually advanced, which most users do not monitor.

How the attacker used them

Drift’s protocol was governed by a ‘Security Council multisig,’ a system in which multiple people (in this case, five) share control, and any action requires at least two of them to approve. Multisigs are a standard security practice in DeFi, where the idea is that compromising a single person is not enough to steal funds.

But the attacker did not need to compromise anyone’s keys. All they needed were two signatures, and they appear to have obtained them through what Drift describes as “unauthorized or misrepresented transaction approvals,” meaning the signers likely thought they were approving a routine transaction.

Here is the timeline Drift published in a Thursday X post.

On March 23, four durable nonce accounts were created. Two were associated with legitimate Drift Security Council members. Two were controlled by the attacker. This means the attacker had already obtained valid signatures from two of the five council members, locked into durable nonce transactions that would not expire.

On March 27, Drift executed a planned Security Council migration to swap out a council member. The attacker adapted. By March 30, a new durable nonce account appeared, tied to a member of the updated multisig, indicating the attacker had re-obtained the required two-of-five approval threshold under the new configuration.

On April 1, the attacker executed.

First, Drift ran a legitimate test withdrawal from its insurance fund. Approximately one minute later, the attacker submitted the pre-signed durable nonce transactions. Two transactions, four slots apart on the Solana blockchain, were enough to create and approve a malicious admin transfer, then approve and execute it.

Within minutes, the attacker had full control of Drift’s protocol-level permissions. They used that control to introduce a fraudulent withdrawal mechanism and drain the vaults.

What was taken and where it went

Onchain researchers tracked the fund flows in real time. The breakdown of stolen assets, compiled by security researcher Vladimir S., totaled roughly $270 million across dozens of tokens.

The largest single category was $155.6 million in JPL tokens, followed by $60.4 million in USDC, $11.3 million in CBBTC (Coinbase wrapped bitcoin), $5.65 million in USDT, $4.7 million in wrapped ether, $4.5 million in DSOL, $4.4 million in WBTC, $4.1 million in FARTCOIN, and smaller amounts across JUP, JITOSOL, MSOL, BSOL, EURC, and others.

The primary drainer wallet was funded eight days before the attack via NEAR Protocol intents but remained inactive until execution day. Stolen funds were transferred to intermediary wallets that were funded just the day before via Backpack, a decentralized crypto exchange that requires identity verification, potentially giving investigators a lead.

From there, funds moved to Ethereum addresses via Wormhole, a cross-chain bridge. Those Ethereum addresses had been pre-funded using Tornado Cash, the sanctioned privacy mixer.

ZachXBT, a prominent onchain investigator, noted that over $230 million in USDC was bridged from Solana to Ethereum via Circle’s CCTP (Cross-Chain Transfer Protocol) across more than 100 transactions.

He criticized Circle, the centralized issuer of USDC, for not freezing the stolen funds during a six-hour window after the attack began around noon Eastern time.

The attack was also reminiscent of recent social engineering attempts, using tactics similar to those seen before, according to a social media post by a user who goes by ‘Temmy.’ “we’ve seen this before. we’ve seen this so many times,” the user said.

“bybit. $1.4 billion. the attacker compromised the signing infrastructure and tricked signers into authorizing malicious transactions. same concept. social engineering. not code. ronin bridge. $625 million. compromised validator keys. same story. cetus protocol. $223 million. different method but same result. hundreds of millions gone.” the post said.

What was not compromised

What failed was the human layer around the multisig. Durable nonces allowed the attacker to separate the moment of approval from the moment of execution by more than a week, creating a gap in which the context of the signed document no longer matched the context in which it was used.

All deposits into Drift’s borrow-and-lend products, vault deposits, and trading funds are affected. DSOL tokens not deposited in Drift, including assets staked to the Drift validator, are unaffected. Insurance fund assets are being withdrawn and safeguarded. The protocol has been frozen, and the compromised wallet has been removed from the multisig.

As such, this is the third major exploit in recent months that did not involve a code vulnerability. Social engineering and operational security failures, rather than smart contract bugs, are increasingly how money leaves DeFi protocols.

The durable nonce vector is particularly dangerous because it exploits a feature that exists for good reason and is difficult to defend against without fundamentally changing how multisig approvals work on Solana.

The open question, which Drift’s forthcoming detailed postmortem will need to answer, is how two separate multisig members approved transactions they did not understand, and whether any tooling or interface changes could have flagged durable nonce transactions as requiring additional scrutiny.

Read more: North Koreans hackers likely behind $286 million Drift Protocol exploit