trade crypt
Technology

Drift Protocol drained $270M via Solana durable nonces: timeline

HomeTechnologyDrift Protocol drained $270M via Solana durable nonces: timeline
Crypto Fan
By Crypto Fan

-

36
0

Drift Protocol drained $270M via Solana durable nonces

On March 23, attackers drained at least $270 million from the Drift Protocol by exploiting Solana’s durable nonces, with the incident executing in under a minute after more than a week of preparation. The attackers used pre-signed administrative transfers and had obtained the two signatures required by Drift’s five-member Security Council multisig, while creating four durable nonce accounts that day. The rapid execution contrasted with the extended setup period that enabled the compromise.

Durable nonces are a Solana transaction feature that replaces the expiring recent blockhash with a fixed nonce stored in an on-chain account. Solana transactions normally include a recent blockhash that expires after about 60 to 90 seconds, and durable nonces provide an alternative to that short-lived value. A durable nonce can remain valid indefinitely until the transaction is submitted, allowing the transaction to reference the fixed on-chain nonce rather than a transient blockhash.

The durable-nonce mechanism exists for legitimate operational reasons, including hardware wallets, offline signing setups, and institutional custody solutions. The nonce is maintained in an on-chain account and retains its validity until submission, which differentiates it from the standard recent blockhash lifecycle. Implementations therefore use durable nonces to provide a fixed on-chain value that transactions can reference when the standard short-lived blockhash model is unsuitable.

Drift Protocol’s Security Council is a multisignature configuration that requires at least two of five members to sign administrative transactions. This two-of-five threshold applies to administrative-level actions governed by the council and determines when such transactions can be executed. The attacker had obtained valid signatures from two council members, which satisfied the multisig requirement and allowed administrative transactions to proceed.

The attacker used durable nonces to pre-sign administrative transfer transactions weeks before they were executed. A nonce-based approach allowed those pre-signed transactions to remain valid until submission instead of depending on a short-lived recent blockhash. The attacker did not compromise private keys but obtained the two required signatures through unauthorized or misrepresented transaction approvals. On March 23, four durable nonce accounts were created in connection with the pre-signing process; two of those accounts were associated with legitimate council members and two were controlled by the attacker. The actual execution of the administrative transfers occurred in under a minute, while the preparation for the operation took more than a week.

Drift Protocol was drained of at least $270 million after attackers used Solana’s durable nonce feature to pre-sign administrative transfer transactions weeks before executing them. The pre-signed transactions remained valid until submission, enabling the attackers to satisfy the protocol’s multisig requirement and execute the transfers in under a minute after more than a week of preparation, resulting in a rapid, large-scale financial loss.

This website and its articles do not provide any investment advisory services within the meaning of applicable regulations. The information published may be incomplete, outdated, or contain errors. The author makes no representation or warranty regarding the accuracy, completeness, or timeliness of the information presented. Use of this information is entirely at the reader’s own risk. Under no circumstances shall the author be held liable for financial decisions made on the basis of the content published on this website.
Previous article
Crypto Selloff Triggers Nearly $400M Liquidations in Futures
Next article
Explainer: Todd Blanche interim AG and crypto enforcement memo
Crypto Fan
Crypto Fanhttps://calipsu.com
Calipsu.com is dedicated to providing clear, reliable, and accessible information about cryptocurrencies, blockchain technology, and decentralized finance (DeFi). Its mission is to help readers better understand a rapidly evolving ecosystem that is often complex, technical, and misunderstood. The platform covers a wide range of topics, from major blockchain networks and crypto assets to DeFi protocols, Web3 applications, and emerging trends. The website also publishes practical guides and tutorials that explain how decentralized tools function, such as wallets, staking mechanisms, lending protocols, and liquidity pools. These guides aim to describe processes and risks clearly, helping readers understand the mechanics behind DeFi rather than encouraging participation.

LATEST POSTS

Markets

XRP price analysis: Price slips to $1.33 on high volume

XRP price analysis reveals a sharp drop from $1.36 to $1.33 on high volume, noting key resistance at $1.35 and a fragile recovery path.
Markets

Bitcoin and crypto market flat as U.S.-Iran negotiations begin

Bitcoin and crypto market flat as U.S.-Iran negotiations begin, with markets steady amid geopolitics, weekly shifts, and privacy-model notes.
Markets

Hyperliquid HYPE ETF BHYP to List on NYSE Arca

Hyperliquid HYPE ETF aims to track the HYPE token with staking rewards, a 0.67% fee, and Anchorage custody as it targets BHYP on NYSE Arca.
Mining

Bhutan’s 70% bitcoin sell-off and uncertain mining status

Bhutan's 70% bitcoin sell-off and uncertain mining status: an analytical look at holdings, transfers, and the case for hydropower over mining.
Load more

Follow us

116FansLike
745FollowersFollow
148FollowersFollow
trade crypt