todayonchain.com

Here is how Drift attackers drained more than $270 million using a Solana feature designed for convenience

CoinDesk
Attackers exploited a Solana feature called 'durable nonces' to drain over $270 million from Drift Protocol using transactions that had been signed in advance and could be submitted at any later time.

Summary

The recent $270 million exploit of Drift Protocol was not a traditional smart-contract hack but an abuse of Solana's 'durable nonces' feature. A normal Solana transaction references a recent blockhash and expires within a minute or two; a durable-nonce transaction instead references a value stored in a nonce account and stays valid until that nonce is advanced, which is what makes pre-signed approvals possible. The attackers obtained signatures from Drift's Security Council on what appeared to be routine transactions, held the signed transactions, and submitted them weeks later to drain funds.

The attack exposes a weakness in the human layer of multisig security: signers approved transactions without recognising that the signatures could be executed at a time of the attacker's choosing. The stolen funds, roughly $270 million across several tokens, were moved through multiple wallets, bridged to other chains and routed through the Tornado Cash mixer. The incident raises questions about the effectiveness of current signing safeguards and the need for tooling that flags durable-nonce transactions presented for signature, and it fits a growing pattern of DeFi losses caused by operational-security failures rather than code vulnerabilities.
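A concrete check a signing tool could run before a council member approves anything, added here as an example; it is not code from CoinDesk, Drift, or any wallet vendor. It parses the Solana transaction wire format (legacy and v0 messages) and flags a transaction whose first instruction is SystemProgram AdvanceNonceAccount, reporting the nonce account and nonce authority so the signer can see that the approval will not expire with a blockhash. All keys, the treasury program and the two sample transactions are constructed placeholders, and the RecentBlockhashes sysvar key is a stand-in rather than the real address.

```python
"""Flag Solana transactions that depend on a durable nonce before a multisig signer approves them.
Constructed example, not Drift's, CoinDesk's or any wallet vendor's code. A durable-nonce
transaction must start with SystemProgram::AdvanceNonceAccount, and its "recent blockhash"
field carries the nonce value, so a signer tool can detect it from the raw bytes, offline."""
import struct

SYSTEM_PROGRAM_ID = bytes(32)      # base58 "11111111111111111111111111111111"
ADVANCE_NONCE_ACCOUNT = 4          # SystemInstruction discriminant, bincode u32 little-endian
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(raw: bytes) -> str:
    """Minimal base58, enough to print Solana pubkeys."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def shortvec_encode(n: int) -> bytes:
    """Solana compact-u16 length prefix."""
    out = bytearray()
    while n > 0x7F:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(out + bytes([n]))

def shortvec_decode(buf: bytes, pos: int):
    value, shift = 0, 0
    while True:
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def parse_transaction(tx: bytes):
    """Return (account_keys, blockhash_field, instructions) for a legacy or v0 message."""
    num_sigs, pos = shortvec_decode(tx, 0)
    pos += 64 * num_sigs                       # skip signatures
    if tx[pos] & 0x80:                         # versioned-message prefix byte
        pos += 1
    pos += 3                                   # header: required sigs, ro signed, ro unsigned
    num_keys, pos = shortvec_decode(tx, pos)
    keys = [tx[pos + 32 * i: pos + 32 * i + 32] for i in range(num_keys)]
    pos += 32 * num_keys
    blockhash, pos = tx[pos: pos + 32], pos + 32
    num_ix, pos = shortvec_decode(tx, pos)
    instructions = []
    for _ in range(num_ix):                    # v0 address-table lookups come after; not needed
        program_index, pos = tx[pos], pos + 1
        num_accounts, pos = shortvec_decode(tx, pos)
        accounts, pos = list(tx[pos: pos + num_accounts]), pos + num_accounts
        data_len, pos = shortvec_decode(tx, pos)
        data, pos = tx[pos: pos + data_len], pos + data_len
        instructions.append((program_index, accounts, data))
    return keys, blockhash, instructions

def inspect_transaction(tx: bytes) -> dict:
    """Report whether the transaction uses a durable nonce and who controls it."""
    keys, blockhash, instructions = parse_transaction(tx)
    report = {"fee_payer": b58encode(keys[0]), "durable_nonce": False}
    if not instructions:
        return report
    program_index, accounts, data = instructions[0]
    if (program_index < len(keys) and keys[program_index] == SYSTEM_PROGRAM_ID
            and len(data) == 4 and struct.unpack("<I", data)[0] == ADVANCE_NONCE_ACCOUNT
            and len(accounts) >= 3):           # nonce account, RecentBlockhashes sysvar, authority
        report.update(durable_nonce=True,
                      nonce_account=b58encode(keys[accounts[0]]),
                      nonce_authority=b58encode(keys[accounts[2]]),
                      nonce_value=b58encode(blockhash))   # "blockhash" field holds the nonce
    return report

def build_legacy_transaction(keys, blockhash, instructions, num_signers=1) -> bytes:
    """Serialize an unsigned legacy transaction (zeroed signatures) for the samples below."""
    msg = bytearray([num_signers, 0, 0]) + shortvec_encode(len(keys)) + b"".join(keys) + blockhash
    msg += shortvec_encode(len(instructions))
    for program_index, accounts, data in instructions:
        msg += (bytes([program_index]) + shortvec_encode(len(accounts)) + bytes(accounts)
                + shortvec_encode(len(data)) + data)
    return shortvec_encode(num_signers) + bytes(64 * num_signers) + bytes(msg)

# Constructed placeholder keys; none is a real on-chain address.
COUNCIL_SIGNER, NONCE_ACCOUNT, NONCE_VALUE = bytes([0x11]) * 32, bytes([0x22]) * 32, bytes([0x55]) * 32
RECENT_BLOCKHASHES_SYSVAR = bytes([0x33]) * 32   # stands in for the real sysvar key
TREASURY_PROGRAM = bytes([0x44]) * 32            # hypothetical program that moves protocol funds

# Looks like a routine approval, but the leading AdvanceNonceAccount keeps it valid indefinitely.
DURABLE_NONCE_TX = build_legacy_transaction(
    [COUNCIL_SIGNER, NONCE_ACCOUNT, RECENT_BLOCKHASHES_SYSVAR, SYSTEM_PROGRAM_ID, TREASURY_PROGRAM],
    NONCE_VALUE,
    [(3, [1, 2, 0], struct.pack("<I", ADVANCE_NONCE_ACCOUNT)), (4, [0], b"\x01")])

# Ordinary transaction: a System transfer that expires with its blockhash within a minute or two.
PLAIN_TX = build_legacy_transaction(
    [COUNCIL_SIGNER, TREASURY_PROGRAM, SYSTEM_PROGRAM_ID],
    bytes([0x66]) * 32,
    [(2, [0, 1], struct.pack("<IQ", 2, 1_000_000))])   # SystemInstruction::Transfer, 0.001 SOL

if __name__ == "__main__":
    for name, tx in (("durable-nonce", DURABLE_NONCE_TX), ("plain", PLAIN_TX)):
        print(name, inspect_transaction(tx))
```

A multisig front end would run inspect_transaction on the serialized bytes it is about to present for signature and require an explicit acknowledgement, or a separate policy, whenever durable_nonce is true. The same shape check can be run over already-signed transactions in a signer's history to find approvals that are still outstanding and whose nonce has not yet been advanced.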

(Source: CoinDesk)