Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Solana-based decentralized exchange Drift suffered a $285 million theft on April 1, 2026, via a novel attack exploiting durable nonces combined with social engineering. Attackers compromised the Security Council's administrative powers, enabling rapid fund drainage. The attack is linked to North Korean threat actors, consistent with the DPRK's established pattern of targeting cryptocurrency platforms for state revenue. The incident exposes critical vulnerabilities in Solana's nonce mechanism and DeFi governance structures. Organizations should audit nonce generation processes, implement multi-signature controls, enhance monitoring for unusual governance changes, and review cross-chain bridge security.

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers," the&

Solana-based decentralized exchange Drift suffered a $285 million theft on April 1, 2026, via a novel attack exploiting durable nonces combined with social engineering. Attackers compromised the Security Council's administrative powers, enabling rapid fund drainage. The attack is linked to North Korean threat actors, consistent with the DPRK's established pattern of targeting cryptocurrency platforms for state revenue. The incident exposes critical vulnerabilities in Solana's nonce mechanism and DeFi governance structures. Organizations should audit nonce generation processes, implement multi-signature controls, enhance monitoring for unusual governance changes, and review cross-chain bridge security. Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers," the& Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers," the&