Drift Protocol Hit By $280M Exploit As Sophisticated Attack Targets Governance Controls
The post Drift Protocol Hit By $280M Exploit As Sophisticated Attack Targets Governance Controls appeared on BitcoinEthereumNews.com.
Drift Protocol, a Solana-based perpetuals trading platform, is dealing with the fallout of a major exploit that has drained approximately $280 million from its ecosystem. Onchain data confirms that the breach was not a routine hack, but a carefully coordinated operation that unfolded over several weeks before execution.

Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers. This was a highly sophisticated operation that appears to have involved… — Drift (@DriftProtocol) April 2, 2026

What makes this case stand out is how the attacker didn’t break the protocol in the traditional sense. Instead, they appear to have gained control from within, targeting governance mechanisms rather than smart contract vulnerabilities.

How The Attack Quietly Took Shape

According to Drift’s investigation so far, the exploit was made possible through a mix of durable nonce accounts and compromised transaction approvals. Durable nonces are a feature on Solana that allow transactions to be signed in advance and executed later. In this case, the attacker allegedly used that feature to their advantage. By pre-signing transactions and delaying their execution, they were able to stage the attack without triggering immediate suspicion.

Drift says there’s no evidence of a bug in its smart contracts, and no indication that seed phrases were compromised. Instead, the issue appears to come down to how approvals were obtained. The team believes some transaction approvals may have been misrepresented or secured through targeted social engineering. It’s a different kind of attack, one that focuses less on code and more on people and process.

Durable Nonces And Multisig Weaknesses Exploited

At the center of the breach is Drift’s Security Council multisig, which requires multiple approvals to authorize key actions. The attacker managed to…
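A transaction that relies on a durable nonce is recognizable before anyone signs it: its first instruction is the System Program's AdvanceNonceAccount, and its blockhash field carries the stored nonce instead of a recent blockhash. The following is an added example, not code from Drift or from the original article, of a pre-signing check a multisig signer could run on the message bytes; the function names and the sample messages are constructed for illustration, and only static account keys are read (address lookup tables are not resolved).

```python
import struct

SYSTEM_PROGRAM = bytes(32)  # System Program id is 32 zero bytes
ADVANCE_NONCE = 4           # SystemInstruction::AdvanceNonceAccount discriminant

def short_u16(buf, pos):
    """Decode Solana's compact-u16 length prefix; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def durable_nonce_info(message: bytes):
    """Return nonce details if the first instruction is AdvanceNonceAccount
    (the marker of a durable-nonce transaction), otherwise None."""
    pos = 1 if message[0] & 0x80 else 0   # skip the version prefix of a v0 message
    pos += 3                              # header: three one-byte counts
    n_keys, pos = short_u16(message, pos)
    keys = [message[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys
    stored_nonce = message[pos:pos + 32]  # blockhash field carries the nonce value
    n_ix, pos = short_u16(message, pos + 32)
    if n_ix == 0:
        return None
    program_idx = message[pos]
    n_acc, pos = short_u16(message, pos + 1)
    accounts = message[pos:pos + n_acc]
    n_data, pos = short_u16(message, pos + n_acc)
    data = message[pos:pos + n_data]
    if (program_idx >= n_keys or keys[program_idx] != SYSTEM_PROGRAM or not accounts
            or len(data) < 4 or struct.unpack_from("<I", data)[0] != ADVANCE_NONCE):
        return None
    idx = accounts[0]                     # lookup-table keys are not resolved here
    return {"nonce_account": keys[idx] if idx < n_keys else None,
            "stored_nonce": stored_nonce}

def sample_message(ix_accounts, ix_data):
    """Build a constructed legacy message with one instruction (not chain data)."""
    keys = [bytes([1]) * 32, bytes([2]) * 32, bytes([3]) * 32, SYSTEM_PROGRAM]
    return (bytes([1, 0, 2, len(keys)]) + b"".join(keys) + bytes([9]) * 32
            + bytes([1, 3, len(ix_accounts)]) + bytes(ix_accounts)
            + bytes([len(ix_data)]) + ix_data)

NONCED = sample_message([1, 2, 0], struct.pack("<I", ADVANCE_NONCE))
PLAIN = sample_message([0, 1], struct.pack("<IQ", 2, 1000))  # ordinary Transfer
```

A signing workflow can treat a non-None result as a reason to hold the approval for extra review, since a signature on such a message stays usable until the nonce account is advanced.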
Filed under: News - @ April 3, 2026 10:17 pm