In a bewildering case, Drift Protocol suffered a substantial financial blow when attackers exploited Solana’s durable nonce feature to orchestrate a delayed attack. Unusually, the incident did not involve typical breach techniques such as bug exploits or private key theft. Instead, the attackers leveraged previously approved dual-signature transactions and executed them weeks later, when they still appeared entirely legitimate and raised no immediate suspicion.
Understanding Solana’s Durable Nonce
Transactions on Solana typically include a specific blockhash that expires in approximately 60 to 90 seconds to prevent replay. The durable nonce mechanism circumvents this expiry, allowing a transaction to remain valid indefinitely until its nonce is used. Created mainly for hardware wallet security and to help enterprise custodians manage transaction timing, the feature inadvertently introduced a potential vulnerability.
Once authorized, a transaction can be canceled only by manually updating the nonce account, an oversight the attackers exploited in the Drift incident.
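As an added example (not from the original article or from Drift), the following pre-signing check shows how a multisig signer could tell that a message never expires: it parses the serialized Solana message and reports whether the first instruction is the System Program's AdvanceNonceAccount, which is how a durable-nonce transaction is marked. The function names and the sample messages are assumptions constructed for illustration.

```python
import struct

SYSTEM_PROGRAM = bytes(32)   # the System Program id is the all-zero public key
ADVANCE_NONCE = 4            # index of SystemInstruction::AdvanceNonceAccount

def _short_u16(buf, pos):
    """Decode Solana's compact-u16 length prefix; return (value, new_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def durable_nonce_info(message: bytes):
    """Return the nonce account and authority if the message is nonce-based, else None."""
    pos = 1 if message[0] & 0x80 else 0       # versioned messages carry a prefix byte
    pos += 3                                   # header: signer and read-only counts
    n_keys, pos = _short_u16(message, pos)
    keys = [message[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys + 32                    # skip keys and the blockhash/nonce field
    n_ix, pos = _short_u16(message, pos)
    if n_ix == 0:
        return None
    program = keys[message[pos]]               # only the first instruction matters
    pos += 1
    n_acc, pos = _short_u16(message, pos)
    accounts = list(message[pos:pos + n_acc])
    pos += n_acc
    data_len, pos = _short_u16(message, pos)
    data = message[pos:pos + data_len]
    if program != SYSTEM_PROGRAM or n_acc < 3 or data != struct.pack("<I", ADVANCE_NONCE):
        return None
    return {"nonce_account": keys[accounts[0]], "nonce_authority": keys[accounts[2]]}

def _sample(ix_data):
    """Build a constructed one-instruction legacy message (placeholder keys, not real accounts)."""
    keys = [b"\x01" * 32, b"\x02" * 32, b"\x03" * 32, SYSTEM_PROGRAM]
    ix = bytes([3, 3, 1, 2, 0, len(ix_data)]) + ix_data
    return bytes([1, 0, 2, len(keys)]) + b"".join(keys) + b"\xaa" * 32 + bytes([1]) + ix

NONCE_TX = _sample(struct.pack("<I", ADVANCE_NONCE))   # constructed durable-nonce message
NORMAL_TX = _sample(struct.pack("<IQ", 2, 1000))       # constructed ordinary transfer

if __name__ == "__main__":
    print("durable nonce:", durable_nonce_info(NONCE_TX) is not None)
    print("ordinary:", durable_nonce_info(NORMAL_TX) is not None)
```

A signer who sees a non-None result knows the approval stays executable until the reported nonce account is advanced, and can record that account for later review or revocation.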
How Did the Attack Progress?
Late March saw the creation of four durable nonce accounts: two genuine and two controlled by attackers. By anticipating and adapting to changes in Drift’s council members, the attackers secured the requisite signatures. This setup allowed them to broadcast the transactions just after a legitimate test withdrawal, facilitating unauthorized withdrawals under seemingly valid conditions.
Approximately $270 million was transferred to myriad wallets, significantly affecting the value of JPL tokens and stablecoins like USDC. The attack was carried out through a wallet funded ahead of time, and the assets were then moved to intermediary wallets, potentially leaving a trail for investigators.
On-chain analyst ZachXBT traced a significant portion of the stolen USDC as it was transferred to Ethereum. ZachXBT also criticized Circle for its delay in freezing the assets, stating:
“Circle should have acted more promptly to mitigate fund movement within the crucial first hours.”
This incident demonstrated glaring deficiencies in maintaining secure multi-signature setups. The use of durable nonces allowed the execution of pre-approved transactions, highlighting significant post-signature complacency and oversight. While losses were notable across various pools, specific elements like DSOL deposits and validator-staked assets within Drift remained protected.