Happy April Fool's Day... Your $280 Million Is Gone. Really.
On April 1st, the Solana-based DeFi platform Drift Protocol had $280 million drained from its accounts in what blockchain security firm Elliptic says bears all the hallmarks of a North Korean state-backed operation. The attack was no prank - and for Drift's users, it was about as far from funny as it gets.
What made this one technically notable was the attack vector. Rather than a straightforward exploit or the social engineering tricks North Korean hackers are known for, the alleged attackers abused a Solana feature called a durable nonce - a mechanism designed to prevent transaction timeouts. According to reporting by Fortune, the attacker used this mechanism to dupe Drift's Security Council into pre-approving transactions that wouldn't execut...
English (US)