""Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift's Security Council administrative powers.""
""This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution.""
""The breach is said to have involved unauthorized or misrepresented transaction approvals obtained prior to execution, likely facilitated through durable nonce mechanisms and sophisticated social engineering.""
""According to a timeline of events shared by Drift, preparations for the hack were underway as early as March 23, 2026.""
Drift, a Solana-based decentralized exchange, suffered a security breach on April 1, 2026, resulting in a loss of approximately $285 million. The attack involved unauthorized access through durable nonces, allowing attackers to gain control of administrative powers. The breach did not exploit vulnerabilities in smart contracts or seed phrases but involved misrepresented transaction approvals. The attackers executed a malicious admin transfer to introduce a harmful asset and remove withdrawal limits. Drift is collaborating with security firms and law enforcement to trace the stolen assets, with indications of North Korean involvement.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]