Solana DeFi Platform Hit by $280 Million Hack Using Durable Nonces

A major exploit has occurred on Solana-based DeFi platform Drift Protocol, resulting in the loss of over $280 million. The attack was attributed to an attacker using 'durable nonces', a feature that allows transactions to persist without expiring.

According to Drift Protocol's preliminary report, the attacker obtained unauthorized or misrepresented transaction approvals by using durable nonces and social engineering. These approvals were later used to execute the exploit, impacting several protocols within the Solana ecosystem.

The attack appears to have been well planned, with the hacker gaining access to the Drift multisig as early as March 23. The attacker controlled two of the four nonce accounts created at the time, effectively giving them control of 2/5 of the multisig signers.