The message Drift Protocol posted to X on April 1, opened with an unusual disclaimer: "This is not an April Fools joke." Within hours, the reason became clear. A $285 million exploit had wiped out more than half of the Solana-based decentralized perpetual futures exchange's total value locked — and the attack had been in preparation for six months.

A malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift's Security Council administrative powers. The incident, which took place on April 1, was confirmed as a highly sophisticated operation involving multi-week preparation and staged execution.

Dr...