Crypto Score 75 Bearish

Solana's Durable Nonces Feature Exploited in $270M Drift Protocol Attack

Apr 02, 2026 15:08 UTC
BTC-USD, SOL-USD, ETH-USD
Immediate term

An attacker exploited Solana's durable nonces feature to drain over $270 million from Drift Protocol without traditional hacking methods. The attack leveraged legitimate blockchain functionality to execute pre-approved transactions weeks after initial authorization.

  • Attackers drained $270 million from Drift Protocol using Solana's durable nonces feature
  • The attack did not involve traditional hacking methods like bugs or private key compromises
  • Durable nonces allowed pre-approved transactions to be executed weeks after initial authorization
  • The attack timeline began on March 23 with the creation of four durable nonce accounts
  • Stolen assets included $155.6 million in JPL tokens and $60.4 million in USDC
  • The incident highlights vulnerabilities in blockchain security and multisig governance models

A sophisticated attack on Drift Protocol drained over $270 million by exploiting a legitimate Solana feature called durable nonces. Unlike traditional hacks involving bugs or private key compromises, the attacker used this feature to trick Drift's security council into pre-approving transactions that were executed weeks later.

The attack timeline began on March 23 with the creation of four durable nonce accounts, two linked to legitimate council members and two controlled by the attacker. By April 1, the attacker executed pre-signed transactions to gain control of Drift's protocol-level permissions and initiate the fund drain. The stolen assets included $155.6 million in JPL tokens, $60.4 million in USDC, and various other tokens totaling the $270 million loss.

The attack highlights vulnerabilities in blockchain security practices, particularly the risks associated with indefinitely valid transactions and multisig governance models. Drift's security council, which required two-of-five approvals for actions, was compromised through unauthorized or misrepresented transaction approvals. The incident underscores the need for improved transaction revocation mechanisms and enhanced monitoring of durable nonce accounts in blockchain protocols.
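The point about indefinitely valid approvals can be checked at signing time: a Solana transaction is durable when its first instruction is the System Program's AdvanceNonceAccount, and only the nonce authority can advance the nonce to invalidate it. The following Python check is an added example, not code from the article, Drift or Solana; the transaction dictionaries, the placeholder keys and the function names are assumptions constructed for illustration.

```python
# Added example (not from the article): pre-signing check for durable nonces.
# Input shape follows Solana JSON-RPC "json" transaction encoding.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
SYSTEM_PROGRAM = "11111111111111111111111111111111"
ADVANCE_NONCE = (4).to_bytes(4, "little")  # SystemInstruction::AdvanceNonceAccount

def b58decode(s):
    """Decode base58 (Bitcoin alphabet, used by Solana) to bytes."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    zeros = len(s) - len(s.lstrip("1"))  # each leading '1' is a zero byte
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def durable_nonce_info(tx):
    """Return nonce account and authority if tx uses a durable nonce, else None."""
    msg = tx["message"]
    keys, ixs = msg["accountKeys"], msg["instructions"]
    if not ixs:
        return None
    first = ixs[0]  # only an advance in the FIRST instruction makes a tx durable
    if keys[first["programIdIndex"]] != SYSTEM_PROGRAM:
        return None
    if b58decode(first["data"])[:4] != ADVANCE_NONCE or len(first["accounts"]) < 3:
        return None
    # Accounts: [nonce account, RecentBlockhashes sysvar, nonce authority]
    return {"nonce_account": keys[first["accounts"][0]],
            "nonce_authority": keys[first["accounts"][2]]}

def review_before_signing(tx, signer):
    """Policy verdict a multisig member's tooling could show before signing."""
    info = durable_nonce_info(tx)
    if info is None:
        return "ok: validity bounded by recent-blockhash expiry"
    if info["nonce_authority"] != signer:
        return "reject: only a third party can advance (revoke) this nonce"
    return "escalate: durable nonce; signer can revoke by advancing it"

# Constructed sample transactions; all keys except the System Program are placeholders.
DURABLE_TX = {"message": {
    "accountKeys": ["SIGNER_A", "NONCE_ACCT_X", "SYSVAR_RECENT_BLOCKHASHES",
                    "AUTHORITY_Z", SYSTEM_PROGRAM, "GOV_PROGRAM"],
    "instructions": [
        {"programIdIndex": 4, "accounts": [1, 2, 3], "data": "6vx8P"},
        {"programIdIndex": 5, "accounts": [0], "data": "2"}]}}
ORDINARY_TX = {"message": {
    "accountKeys": ["SIGNER_A", "GOV_PROGRAM"],
    "instructions": [{"programIdIndex": 1, "accounts": [0], "data": "2"}]}}
```

The same `durable_nonce_info` result can feed monitoring: recording every nonce account that appears in a proposal gives a list of accounts to watch for later advances.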
