Drift Protocol on Solana Reportedly Exploited for More Than $200 Million

According to Drift Protocol, the attacker gained unauthorized control of its security council and used pre-signed durable nonce transactions and forged or unauthorized approvals in a weeks-long attack affecting about $280 million.

Summary

Drift Protocol said an attacker gained unauthorized control of its security council and drained about $280 million in a weeks-long attack. According to the protocol, the exploit involved pre-signed durable nonce transactions and unauthorized or forged approvals, while no smart contract vulnerability or mnemonic theft has been identified. Earlier updates had said roughly $285 million in JLP-related assets was drained after 11 transfers reduced treasury assets from $309 million to $41 million and led to a halt in deposits and withdrawals. The incident also affected connected DeFi products, with Ranger Finance reporting about $900,000 in exposure and several platforms pausing certain services as a precaution.

Terms & Concepts
  • DeFi: Short for decentralized finance, a sector of blockchain-based applications that offers financial services without traditional intermediaries.
  • durable nonce transactions: Pre-signed Solana transactions that use a stored nonce so they can remain valid longer instead of expiring quickly under normal blockhash timing rules.
  • smart contract: Self-executing blockchain code that runs protocol logic; Drift said it has not found a vulnerability in its smart contracts related to the attack.