Drift Loses $285 Million in Durable Nonce Exploit

On April 1, 2026, the Solana-based decentralized exchange Drift confirmed a security breach resulting in the loss of approximately $285 million. The attack involved a novel exploit using durable nonces, allowing a malicious actor to gain unauthorized access and rapidly take over Drift’s Security Council administrative powers. The incident was attributed to social engineering tactics linked to the Democratic People’s Republic of Korea (DPRK). No specific CVE IDs or additional technical details about the nonce exploitation method were provided. The impact included the direct theft of funds from the platform.