COINTURK NEWS
Drift Protocol loses $270 million after Solana’s durable nonce feature exploited

In Brief

  • Attackers exploited Solana’s durable nonce to execute pre-approved Drift transactions weeks later.

  • Approximately $270 million in crypto assets was withdrawn and quickly dispersed to multiple wallets.

  • Human oversight, not a technical flaw, was at the core of this multi-signature security breach.

İlayda Peker

Drift Protocol suffered a significant loss in a recent incident that differed noticeably from familiar cyberattacks: it did not result from exploited bugs, stolen private keys, oracle manipulation, or flash loan tactics. Instead, attackers took advantage of Solana’s legitimate durable nonce feature to execute two previously signed transactions weeks after Drift’s multi-signature security council had approved them, catching the protocol off guard in an entirely new context.

Contents

  • What is durable nonce and how was it used?
  • Course of the attack and asset tracing

What is durable nonce and how was it used?

On Solana, every transaction is typically sent with a recent blockhash that expires in about 60–90 seconds, a measure that prevents replay attacks and ensures the transaction’s freshness. However, Solana also offers a mechanism called the ‘durable nonce’, which lets a transaction rely instead on a single-use value stored in a separate nonce account. This removes the time constraint: the signed transaction remains valid indefinitely, until the nonce is used. Durable nonce accounts are often intended as a security convenience for hardware wallets and enterprise custodians, helping to manage delayed transactions in a controlled way.

Yet, this flexibility has a downside: when attackers manage to get transactions pre-authorized, they can delay broadcasting them until weeks later. Once a signer approves a transaction, it can only be canceled if the nonce account is manually updated—a step often overlooked in everyday security routines.

Drift’s governance operates through a five-member security council, where every transaction requires signatures from at least two members. This multi-signature arrangement is a common defense in the decentralized finance sector, reducing the risk of a single compromised individual putting protocol funds in danger.

Course of the attack and asset tracing

In the last week of March, four durable nonce accounts were established. Two were genuinely associated with security council members, while the other two were under the attackers’ control. This enabled the attackers to secure valid signatures from two council members in advance. After a change in Drift’s council lineup on March 27, the attackers promptly adapted to the new structure, collecting the necessary signatures again.

The breach began with a legitimate test withdrawal from Drift’s insurance fund. Immediately after, attackers broadcast the pre-signed transactions to the Solana network—taking over administrative permissions and enabling themselves to create unauthorized withdrawal mechanisms. Funds were drained rapidly in two separate transactions.

Blockchain analysts identified that approximately $270 million worth of various cryptocurrencies was siphoned off to multiple wallets. The largest loss was in JPL tokens, amounting to $155.6 million, followed by $60.4 million in USDC stablecoins, $11.3 million in CBBTC, and $5.65 million in USDT, alongside numerous other digital assets.

The main operational wallet used in the attack had been funded eight days prior via the NEAR Protocol and remained inactive until it was mobilized for the exploit. Following the attack, assets were funneled to intermediary wallets established on the Backpack exchange, which requires identity verification—a detail that could offer investigators fresh leads.

On-chain analyst ZachXBT tracked the stolen funds, noting that over $230 million in USDC was transferred to Ethereum using Circle’s cross-chain bridging protocol. ZachXBT also highlighted that Circle, the company behind USDC, came under criticism for not freezing the stolen funds within the first six hours after the breach occurred.

The incident ultimately underscored human errors in managing advanced security setups like multi-signature accounts. The durable nonce feature facilitated the transaction broadcasts long after the initial approvals, exposing a major oversight in post-signature monitoring. Lending, treasury, and trading pools on Drift suffered losses, but DSOL deposits and assets staked with Drift’s validator were unaffected by the breach.

İlayda Peker 2 April, 2026 - 6:52 pm