Solana’s ‘Durable Nonces’ Under Scrutiny

The recent attack on Drift Protocol exposed a critical vulnerability in Solana’s transaction model, leveraging a feature known as “durable nonces.”

On March 23, four durable nonce accounts were created: two linked to legitimate Drift Security Council members and two under the attacker’s control. This setup enabled the attacker to prepare fraudulent transactions that would be authorized by the protocol’s multisig governance weeks later.

Security Council Approval Trick Uncovered

Drift Protocol’s governance relied on a five-member Security Council multisig, with at least two signatures required for critical actions. The attacker exploited this process by tricking council members into pre-approving malicious transactions using durable nonces. These pre-signed actions included removing withdrawal limits and granting themselves administrative privileges. Once signed, these transactions could be executed at any time, giving the attacker an open window for exploitation.

It’s a stark reminder that admin key management can be just as risky as smart contract bugs.
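The pre-approval trick described above works because a durable-nonce transaction carries no expiring blockhash, and the Solana runtime recognizes such a transaction by its first instruction being the System Program’s AdvanceNonceAccount, so a signer’s wallet or a multisig’s review tooling can flag it before anyone approves. The following Python parser is an added example, not Drift’s or Solana’s own code: it decodes a legacy transaction message, reports the nonce account and nonce authority when the transaction is nonce-based, and exercises itself on a constructed sample message whose keys and amounts are placeholders.

```python
import struct

SYSTEM_PROGRAM = bytes(32)   # base58 "11111111111111111111111111111111" decodes to 32 zero bytes
ADVANCE_NONCE_ACCOUNT = 4    # SystemInstruction enum index, bincode-encoded as little-endian u32

class _Cursor:
    def __init__(self, buf): self.buf, self.pos = buf, 0
    def take(self, n):
        chunk = bytes(self.buf[self.pos:self.pos + n]); self.pos += n
        return chunk
    def compact_u16(self):  # Solana "shortvec" varint: 7 data bits per byte, high bit = continuation
        value, shift = 0, 0
        while True:
            b = self.take(1)[0]
            value |= (b & 0x7F) << shift
            if not b & 0x80:
                return value
            shift += 7

def parse_legacy_message(buf):
    """Return (account_keys, recent_blockhash, [(program_key, account_indexes, data), ...])."""
    c = _Cursor(buf)
    c.take(3)                                        # header: n_sigs, ro_signed, ro_unsigned
    keys = [c.take(32) for _ in range(c.compact_u16())]
    blockhash = c.take(32)                           # for a nonce tx this is the stored nonce value
    ixs = []
    for _ in range(c.compact_u16()):
        prog = keys[c.take(1)[0]]
        accs = list(c.take(c.compact_u16()))
        data = c.take(c.compact_u16())
        ixs.append((prog, accs, data))
    return keys, blockhash, ixs

def durable_nonce_info(buf):
    """Nonce account and authority if the first instruction is AdvanceNonceAccount, else None."""
    keys, _, ixs = parse_legacy_message(buf)
    prog, accs, data = ixs[0] if ixs else (None, [], b"")
    if prog != SYSTEM_PROGRAM or len(data) < 4 or struct.unpack_from("<I", data)[0] != ADVANCE_NONCE_ACCOUNT:
        return None
    return {"nonce_account": keys[accs[0]], "nonce_authority": keys[accs[2]]}  # accs[1] is the RecentBlockhashes sysvar

def sample_message(use_nonce):
    """Constructed sample (placeholder keys, not chain data): a 1 SOL transfer, optionally nonce-based."""
    payer, nonce_acct, dest, sysvar = (bytes([i]) * 32 for i in (1, 2, 3, 4))
    keys = [payer, nonce_acct, dest, sysvar, SYSTEM_PROGRAM]   # writable signer, writables, read-only
    transfer = bytes([4, 2, 0, 2, 12]) + struct.pack("<IQ", 2, 1_000_000_000)     # SystemInstruction::Transfer
    advance = bytes([4, 3, 1, 3, 0, 4]) + struct.pack("<I", ADVANCE_NONCE_ACCOUNT)  # must be instruction 0
    ixs = (advance + transfer) if use_nonce else transfer
    return bytes([1, 0, 2, len(keys)]) + b"".join(keys) + bytes(32) + bytes([2 if use_nonce else 1]) + ixs
```

A signing policy can refuse or escalate any message for which `durable_nonce_info` is not `None`, since such a transaction stays valid until the nonce is advanced rather than expiring with a recent blockhash.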

$270 Million Gone in Under a Minute

When the attack was finally executed, more than $270 million was drained from Drift Protocol in less than sixty seconds. The setup phase spanned over a week, but the actual theft was nearly instantaneous. The attacker created a fake market for a worthless token called CVT and manipulated its price oracle—an external data feed providing token prices—to artificially inflate its value. With withdrawal controls removed and the price of CVT set by their own oracle, the attacker siphoned off major assets including USDC and eETH from Drift’s shared liquidity pool.

Onchain data shows that after draining user funds, the exploiter swapped most assets into USDC and then bridged them to Ethereum. According to cointelegraph.com, critics have questioned why Circle did not freeze the stolen USDC for at least six hours during this period, especially since Circle has taken such action in previous cases.

North Korean Hackers Suspected in Raid

Blockchain analytics firm Elliptic has identified “multiple indicators” linking the $285 million Drift exploit to North Korea’s state-sponsored DPRK hacker group. These indicators include familiar laundering techniques and network behaviors observed in prior attacks attributed to DPRK actors. If confirmed, this would mark Elliptic’s eighteenth tracked North Korean crypto theft this year alone, with total losses exceeding $300 million so far in 2025.

The scale of this incident is notable even against previous record-setting breaches. In December last year, Chainalysis reported that North Korean hackers stole $2 billion worth of crypto in 2025—including $1.4 billion from Bybit—a 51% increase over the prior year. U.S. Treasury officials have repeatedly warned that such stolen assets are funneled into North Korea’s weapons programs.

On paper, decentralized governance and multisig security should prevent single points of failure—but sophisticated social engineering and admin key mismanagement continue to undermine these safeguards.

Why it matters: Practical Impact Across Solana Ecosystem

The fallout from Drift’s exploit rippled across Solana markets within hours. SOL dropped nearly 3% to $78.30—the lowest price since late February—while DRIFT tokens plummeted over 40% to approximately $0.06 following news of the breach. For users of Drift Protocol—the largest decentralized perpetual futures exchange on Solana—deposits and withdrawals were frozen during the attack as teams scrambled to coordinate with security firms and exchanges.

The incident also reignited debate around admin key audits versus code audits: just ten days earlier, another Solana protocol called Resolv lost $25 million after attackers compromised a privileged service key rather than exploiting smart contract code directly.

It remains unclear whether all stolen funds will be recovered or if further protocol changes can prevent similar attacks using durable nonces or social engineering tactics targeting multisig councils.

Key risks to monitor

If Circle decides to freeze the stolen USDC—estimated at over $270 million and bridged to Ethereum after the March 27 exploit—immediate asset recovery could occur; however, as of several hours after the attack, no such freeze had been confirmed, raising uncertainty about the funds' status.