Drift Protocol Loses $285M in Novel Solana Durable Nonce Exploit
Summary
Solana-based decentralized exchange Drift Protocol confirmed that attackers drained approximately $285 million on April 3, 2026, through a novel attack exploiting Solana's 'durable nonces' transaction mechanism. The attackers rapidly seized control of Drift's Security Council administrative powers before the team could respond. This is one of the largest DeFi exploits recorded in 2026.
Threat Analysis
On April 3, 2026, the Solana-based decentralized exchange Drift Protocol confirmed that attackers successfully drained approximately $285 million from the platform through a novel attack vector involving 'durable nonces', a Solana feature that allows transactions to be signed offline and submitted later. The attackers exploited this mechanism to gain unauthorized access to Drift Protocol and rapidly seized control of its Security Council administrative powers, enabling them to drain funds before the team could respond.

This attack represents a significant evolution in DeFi exploit techniques, moving beyond traditional smart contract vulnerabilities to exploit lower-level blockchain transaction mechanisms. The incident highlights the risks inherent in complex DeFi protocols and the importance of multi-signature security controls with time-locks. The $285 million loss makes this one of the largest DeFi exploits of 2026.

Organizations operating in the DeFi space should conduct thorough security audits of all transaction mechanisms, implement robust monitoring for unusual administrative actions, and consider time-delayed execution for high-value operations. Users of DeFi platforms should diversify holdings and be aware of the elevated risk profile of these platforms.
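One way to monitor for the administrative-action pattern described above, as an added example (not code from Drift or from the original article): a durable-nonce transaction must begin with the System Program's AdvanceNonceAccount instruction, so a monitor can flag any such transaction signed by a watched governance key. The signer names, the simplified message layout and the hex-encoded instruction data are assumptions made for this example.

```python
SYSTEM_PROGRAM_ID = "11111111111111111111111111111111"
ADVANCE_NONCE_ACCOUNT = 4  # SystemInstruction variant index, encoded as u32 little-endian

# Assumption: placeholder names standing in for the governance signer keys to watch.
WATCHED_SIGNERS = {"COUNCIL_SIGNER_A", "COUNCIL_SIGNER_B"}


def uses_durable_nonce(tx):
    """A durable-nonce transaction must start with System Program AdvanceNonceAccount."""
    if not tx["instructions"]:
        return False
    first = tx["instructions"][0]
    if tx["account_keys"][first["program_id_index"]] != SYSTEM_PROGRAM_ID:
        return False
    data = bytes.fromhex(first["data"])
    return len(data) >= 4 and int.from_bytes(data[:4], "little") == ADVANCE_NONCE_ACCOUNT


def review(tx):
    """Return an alert dict when a watched key signed a durable-nonce transaction."""
    # In a Solana message the first num_required_signatures account keys are the signers.
    signers = set(tx["account_keys"][: tx["num_required_signatures"]])
    watched = sorted(signers & WATCHED_SIGNERS)
    if not watched or not uses_durable_nonce(tx):
        return None
    # The first account passed to AdvanceNonceAccount is the nonce account itself.
    nonce_account = tx["account_keys"][tx["instructions"][0]["accounts"][0]]
    return {"rule": "watched-signer-durable-nonce", "signers": watched, "nonce_account": nonce_account}


# Constructed sample transactions (simplified message layout, not real chain data).
SAMPLES = [
    {"num_required_signatures": 1,
     "account_keys": ["COUNCIL_SIGNER_A", "NONCE_ACCT_1", "RECENT_BLOCKHASHES_SYSVAR", SYSTEM_PROGRAM_ID, "GOV_PROGRAM"],
     "instructions": [{"program_id_index": 3, "accounts": [1, 2, 0], "data": "04000000"},
                      {"program_id_index": 4, "accounts": [0], "data": "01"}]},
    {"num_required_signatures": 1,  # watched signer, ordinary recent-blockhash transaction
     "account_keys": ["COUNCIL_SIGNER_B", "GOV_PROGRAM"],
     "instructions": [{"program_id_index": 1, "accounts": [0], "data": "01"}]},
    {"num_required_signatures": 1,  # durable nonce, but no watched signer
     "account_keys": ["UNRELATED_USER", "NONCE_ACCT_2", "RECENT_BLOCKHASHES_SYSVAR", SYSTEM_PROGRAM_ID],
     "instructions": [{"program_id_index": 3, "accounts": [1, 2, 0], "data": "04000000"}]},
]

if __name__ == "__main__":
    for index, sample in enumerate(SAMPLES):
        print(index, review(sample))
```

Because a durable-nonce transaction does not expire with a recent blockhash, an alert from this rule is a prompt to confirm that the signers approved that exact action and to check whether a time-lock covers it.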