The attack on Drift Protocol was not a hack in the traditional sense.
No one found a bug or cracked a private key. There was also no flash loan exploit or manipulated oracle.
Instead, an attacker used a legitimate Solana feature, “durable nonces,” to trick Drift’s Security Council into pre-approving transactions that would be executed weeks later, at a time and in a context that the signers never anticipated.
The result was a loss of at least $270 million that took less than a minute to execute but more than a week to put together.
What durable nonces are and why they exist
On Solana, every transaction includes a “recent blockhash,” essentially a timestamp that proves the transaction was created recently. This blockhash expires after approximately 60 to 90 seconds. If the transaction is not submitted to the network within this window, it becomes invalid. This is a security feature that helps prevent old, stale transactions from being re-executed later.
Durable nonces override this security function. They replace the expiring blockhash with a fixed “nonce,” a one-time-use code stored in a special onchain account, which keeps the transaction valid indefinitely until someone chooses to submit it.
The feature exists for legitimate reasons. Hardware wallets, offline signing setups, and institutional custody solutions all need to be able to prepare and approve transactions without being forced to submit them within 90 seconds.
But transactions that are valid indefinitely create a problem. If you can convince someone to sign a transaction today, it could be executed next week or next month, depending on the system’s hard-coded rules. The signer has no way to revoke their approval once it is given, unless the nonce account is manually advanced, which most users do not monitor.
How the attacker used them
Drift’s protocol was governed by a “Multisig Security Council”, a system in which multiple people (in this case, five) share control, and any action requires approval from at least two of them. Multisigs are a standard security practice in DeFi, where the idea is that compromising a single person is not enough to steal funds.
But the attacker didn’t need to compromise anyone’s keys. All they needed were two signatures, and they appear to have gotten them through what Drift describes as “unauthorized or distorted transaction approvals,” meaning the signatories likely thought they were approving a routine transaction.
Here is the timeline Drift published in a Thursday X post.
On March 23, four durable nonce accounts were created. Two of them were associated with legitimate members of the Drift Security Council. Two of them were controlled by the attacker. This means that the attacker had already obtained valid signatures from two of the five council members, locked into durable nonce transactions that would not expire.
On March 27, Drift executed a planned Security Council migration to replace a council member. The attacker adapted. On March 30, a new durable nonce account appeared, linked to a member of the updated multisig, indicating that the attacker had again obtained the required approval threshold of two out of five in the new configuration.
On April 1, the attacker executed.
First, Drift performed a legitimate test withdrawal of its insurance fund. About a minute later, the attacker submitted the pre-signed durable nonce transactions. Two transactions, spaced four slots apart on the Solana blockchain, were enough to create and approve a malicious admin transfer, then approve and execute it.
Within minutes, the attacker had full control of Drift’s protocol-level permissions. They used this control to introduce a fraudulent withdrawal mechanism and empty the vaults.
What was taken and where it went
Onchain researchers tracked fund flows in real time. The breakdown of stolen assets, compiled by security researcher Vladimir S., amounts to approximately $270 million spread across dozens of tokens.
The largest category was $155.6 million in JPL tokens, followed by $60.4 million in USDC, $11.3 million in CBBTC (Coinbase wrapped bitcoin), $5.65 million in USDT, $4.7 million in wrapped ether, $4.5 million in DSOL, $4.4 million in WBTC, $4.1 million in FARTCOIN and smaller amounts in JUP, JITOSOL, MSOL, BSOL, EURC and others.

The main drain wallet was funded eight days before the attack via NEAR Protocol intents, but remained inactive until the day of the execution. The stolen funds were transferred to intermediary wallets that were funded the day before via Backpack, a decentralized crypto exchange that requires identity verification, potentially giving investigators a lead.
From there, the funds were transferred to Ethereum addresses via Wormhole, a cross-chain bridge. These Ethereum addresses were pre-funded using Tornado Cash, the sanctioned privacy mixer.
ZachXBT, a prominent on-chain investigator, noted that more than $230 million in USDC was transferred from Solana to Ethereum via Circle’s CCTP (Cross-Chain Transfer Protocol) across more than 100 transactions.
He criticized Circle, the centralized issuer of USDC, for failing to freeze stolen funds during a six-hour window after the attack began around noon Eastern Time.
The attack is also reminiscent of recent social engineering attempts, using tactics similar to those seen before, according to a social media post from a user called “Temmy.” “We’ve seen this before. We’ve seen it so many times,” the user said.
“bybit. $1.4 billion. attacker compromised signing infrastructure and tricked signers into allowing malicious transactions. same concept. social engineering. no code. Ronin bridge. $625 million. validation keys compromised. same story. cetus protocol. $223 million. different method but same result. hundreds of millions gone.” the message said.
What has not been compromised
What failed was the human layer around multisig. Durable nonces allowed the attacker to separate the time of approval from the time of execution by more than a week, creating a gap where the context of the signed document no longer matched the context in which it was used.
All deposits into Drift’s borrowing and lending products, vault deposits and trading funds are affected. DSOL tokens not deposited into Drift, including assets staked to the Drift validator, are unaffected. Insurance fund assets are withdrawn and safeguarded. The protocol was frozen and the compromised wallet was removed from the multisig.
As such, this is the third major exploit in recent months that does not involve a code vulnerability. Social engineering and operational security failures, rather than smart contract bugs, are increasingly how money leaves DeFi protocols.
The durable nonce vector is particularly dangerous because it exploits a feature that exists for good reasons and is difficult to defend against without fundamentally changing how multisig approvals work on Solana.
The open question, which Drift’s next detailed postmortem will have to answer, is how two separate multisig members approved transactions they didn’t understand, and whether tooling or interface changes could have flagged durable nonce transactions as requiring additional review.