Tokenzz

Drift Protocol just released their thread on the $280 million hack It's worse than anyone thought too There was no code exploit. It wasn’t a flash loan. It wasn’t even a traditional key theft. Solana has a feature called "durable nonces" that lets you sign a transaction today but execute it days or weeks later Sound familiar EVM critics? 😏 Think of it like writing a signed check and leaving it in someone's drawer until they decide to cash it. The attacker used this to build a time bomb inside Drift's own governance system. So I was wrong and Solana’s architecture did in fact play a role in this exploit occurring. Similar to how a hacker exploits approvals on EVM chains. Here's how it played out: March 23: The attacker sets up four of these delayed-execution accounts. Two are tied to real Drift Security Council members and two belong to the attacker. At some point, the attacker tricks two of Drift's five council members into signing transactions they didn't fully understand. Blind signing is something I have called out a lot and it is a major issue with many of these chains Drift calls it "transaction misrepresentation” 🤨 But in reality they were socially engineered into signing their own robbery Those signatures sat dormant for nine days! March 27: Drift rotates its security council. New members, fresh setup. Doesn't matter. The attacker compromises two of the five new signers too. April 1: Drift runs a routine test transaction. Sixty seconds later, the attacker cashes those pre-signed checks. Two transactions, four Solana slots apart. Full admin control. Every withdrawal limit removed. Every vault drained. $280 million. Gone. Two out of five signatures is all it took 🤦‍♂️ But also clearly some major planning and patience for this elaborate attack Blind signing Durable nonces which function similarly to approvals Poor key management Insecure infrastructure Everything worked as it was designed to work and this was just an incredibly well orchestrated and thought out attack