Drift Protocol Hit by Sophisticated Durable-Nonce Attack; Around $280M Withdrawn, No Signs of Mnemonic Compromise
ChainCatcher reported that Drift Protocol said on X that a malicious actor used a previously unseen attack path involving durable nonces to gain unauthorized access and quickly seize Drift's Security Council permissions. The operation was described as highly sophisticated and allegedly took weeks of preparation, including setting up durable nonce accounts to pre-sign transactions and execute them later.
Drift said preliminary findings suggest the incident did not stem from a vulnerability in its program or smart contracts. The team added there is no evidence that any mnemonic was stolen; instead, the attacker appears to have obtained permissions through unauthorized or forged transaction approvals, potentially aided by social engineering.
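The mechanism described above matters for anyone who signs on behalf of a multisig or security council: a Solana durable-nonce transaction replaces the short-lived recent blockhash with a nonce account's stored value, so a signature collected today can be submitted at any later time. The following is an added example, not Drift's code, showing a signer-side pre-approval check that flags this pattern. It works on a simplified decoded transaction shape constructed here (a list of instructions with program id, data bytes and account list), and the privileged program id, council keys and nonce authority are placeholders; the system program address, the `AdvanceNonceAccount` discriminant and the sysvar address are real Solana constants.

```python
from dataclasses import dataclass, field
from typing import List, Set

# Solana system program address and the bincode discriminant (u32, little-endian)
# of its AdvanceNonceAccount instruction. A durable-nonce transaction must carry
# this instruction in position 0, with accounts [nonce account, recent blockhashes
# sysvar, nonce authority]; the nonce authority must be one of the signers.
SYSTEM_PROGRAM_ID = "11111111111111111111111111111111"
ADVANCE_NONCE_ACCOUNT = 4
RECENT_BLOCKHASHES_SYSVAR = "SysvarRecentB1ockHashes11111111111111111111"


@dataclass
class Instruction:
    program_id: str
    data: bytes
    accounts: List[str] = field(default_factory=list)


@dataclass
class Transaction:
    """Simplified decoded transaction (constructed shape, not the wire format)."""
    instructions: List[Instruction]
    signers: List[str]


def is_advance_nonce(ix: Instruction) -> bool:
    return (
        ix.program_id == SYSTEM_PROGRAM_ID
        and len(ix.data) >= 4
        and int.from_bytes(ix.data[:4], "little") == ADVANCE_NONCE_ACCOUNT
    )


def uses_durable_nonce(tx: Transaction) -> bool:
    return bool(tx.instructions) and is_advance_nonce(tx.instructions[0])


def review_transaction(tx: Transaction, privileged_program: str,
                       council_keys: Set[str]) -> List[str]:
    """Return human-readable findings a signer should read before approving."""
    findings: List[str] = []
    if not uses_durable_nonce(tx):
        return findings
    nonce_ix = tx.instructions[0]
    nonce_account = nonce_ix.accounts[0] if nonce_ix.accounts else "<unknown>"
    findings.append(
        f"durable nonce: advances nonce account {nonce_account}; this transaction "
        "does not expire with a recent blockhash and can be submitted any time later"
    )
    if any(ix.program_id == privileged_program for ix in tx.instructions[1:]):
        findings.append(
            f"durable-nonce transaction invokes privileged program {privileged_program}"
        )
    authority = nonce_ix.accounts[2] if len(nonce_ix.accounts) > 2 else "<unknown>"
    if authority not in council_keys:
        findings.append(
            f"nonce authority {authority} is not a known council key: the holder of "
            "that key, not the council, controls when the transaction lands"
        )
    return findings


def approve_for_signing(tx: Transaction, privileged_program: str,
                        council_keys: Set[str], allow_durable: bool = False) -> bool:
    """Policy: durable-nonce transactions are refused for privileged operations
    unless explicitly allowed, and never when the nonce authority is unknown."""
    findings = review_transaction(tx, privileged_program, council_keys)
    if not findings:
        return True
    if not allow_durable:
        return False
    return len(findings) == 1  # only the generic durable-nonce notice remains


# Constructed sample data (placeholders, not real addresses).
PRIVILEGED_PROGRAM = "PrivilegedProgramPlaceholder1111111111111111"
COUNCIL_KEYS = {"CouncilKeyA", "CouncilKeyB"}

NORMAL_TX = Transaction(
    instructions=[Instruction(PRIVILEGED_PROGRAM, b"\x07rotate-signers")],
    signers=["CouncilKeyA"],
)

DURABLE_TX = Transaction(
    instructions=[
        Instruction(SYSTEM_PROGRAM_ID, ADVANCE_NONCE_ACCOUNT.to_bytes(4, "little"),
                    ["NonceAccountPlaceholder", RECENT_BLOCKHASHES_SYSVAR,
                     "UnknownNonceAuthority"]),
        Instruction(PRIVILEGED_PROGRAM, b"\x07rotate-signers"),
    ],
    signers=["CouncilKeyA", "UnknownNonceAuthority"],
)

if __name__ == "__main__":
    for name, tx in (("normal", NORMAL_TX), ("durable", DURABLE_TX)):
        print(name, approve_for_signing(tx, PRIVILEGED_PROGRAM, COUNCIL_KEYS))
        for finding in review_transaction(tx, PRIVILEGED_PROGRAM, COUNCIL_KEYS):
            print("  -", finding)
```

The check is deliberately conservative: a signing policy that refuses durable-nonce transactions for council operations by default removes the window in which a pre-signed approval can sit dormant and be executed weeks later, which is the property the report describes.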
Roughly $280 million in protocol funds were withdrawn. Drift said all lending, vault deposits, and trading funds were impacted. DSOL—defined as assets not deposited into Drift, including assets staked to Drift validators—was not affected. The insurance fund was also not impacted, and its assets are currently being withdrawn as a protective measure.
Drift has frozen all remaining protocol functions and updated its multisig to remove the compromised wallets.