Solana Hack: How $280 Million Slipped Through a Security Flaw

A recent breach hit the Solana‑based DeFi platform Drift, stealing about $280 million in a swift attack that exploited a feature called durable nonces. This tool, meant to keep transactions alive longer on the Solana network, was used by attackers to trick Drift’s Security Council into approving moves that would be carried out weeks later. Because of the breach, Drift halted all deposits and withdrawals while it worked to secure its users. The incident follows a pattern of large crypto thefts linked to North Korea. Analysts say the on‑chain activity matches earlier attacks attributed to the regime, which stole roughly $2 billion in 2025—about sixty percent of all global crypto thefts that year. In 2024, the same actors carried out a $1. 5 billion raid on Bybit, the biggest crypto hack ever recorded.Unlike many North Korean hacks that rely on social engineering to trick individuals into giving up secrets, this Drift attack was purely technical. By abusing the durable nonce mechanism, the thieves bypassed normal security checks and gained administrative control over Drift’s council. Drift, founded in 2021 by Cindy Leow and David Lu, offers perpetual futures and other trading products. At the time of the breach, it held over $400 million in user deposits and had facilitated more than $19 million in trades. The incident underscores the importance of rigorous security reviews for smart contracts and highlights how even well‑intentioned blockchain features can become weapons if not properly safeguarded.