What is a durable nonce attack on Solana?

Durable nonces let transactions pre-sign and delay execution — perfect for tricking multisig signers into approving hidden malice that hits later.

Is DPRK behind the Drift $285M hack?

Strong on-chain signs point yes: Pyongyang-timed deploy, Tornado Cash, Bybit-like laundering. Elliptic calls it their 18th this year.

Ditch naive multisig for AI-monitored, signerless schemes. Vet every approver like a spy. And audit oracles — they swallowed fake tokens whole.

🌐 Nation-State Threats

Drift got nonce'd. Hard. North Korea's hackers just turned social engineering into high art, draining $285 million from a 'secure' Solana DEX.

Threat Digest Apr 03, 2026 4 min read 20 views

Read in: Deutsch English Español Français Italiano 日本語 한국어 Português (BR) Русский Türkçe

DPRK used durable nonces and social engineering to bypass Drift's multisig without touching code. 𝕏
Attack mirrors Bybit 2025 heist, with $285M laundered via Tornado Cash and bridges. 𝕏
Multisig isn't secure if humans can be conned; DeFi needs signerless defenses now. 𝕏

Published by

Threat intelligence. Zero noise.

#DPRK crypto theft #DPRK hack #Drift Protocol #Drift hack #Solana DeFi exploit #durable nonce attack #durable nonces #social engineering

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by The Hacker News