On April 1, 2026, at 16:06 UTC, 41.72 million JLP tokens disappeared from Drift Protocol’s vaults. Ten seconds later, 2,200 wETH followed. In total, 31 transactions across 5 vaults drained $285 million from the largest decentralized perpetual futures exchange on Solana. The attack took 12 minutes. The preparation took six months.

This was not a smart contract exploit. The code worked exactly as designed. The attacker used a legitimate Solana feature — durable nonces — to pre-sign transactions weeks before executing them.

The only thing that failed was the assumption that a cryptographic signature equals human intent.

You can pre-sign a transaction. You cannot pre-sign a face. Six months of trust collapsed into the gap between those two sentences.

The six-month con

The attackers, later attributed to North Korean state-affiliated group UNC4736, didn’t start with code. They started with coffee. Beginning in fall 2025, operatives posing as a quantitative trading firm met Drift contributors at major crypto conferences across multiple countries. They deposited $1 million of their own capital into a Drift Ecosystem Vault. They held working sessions. They asked detailed, informed product questions.

By March 2026, the relationship was nearly six months old. The attackers weren’t strangers — they were trusted collaborators who had been on calls, at dinners, and in DMs for half a year.

Then they compromised contributor devices through three vectors:

  • A malicious TestFlight app — presented as their group’s new wallet product. TestFlight bypasses Apple’s App Store security review.
  • A malicious code repository — presented as a website-building tool. Cloning the repo was enough.
  • A VSCode/Cursor IDE vulnerability — simply opening a folder provided by the group allowed silent arbitrary code execution on the contributor’s machine.

The individuals who appeared at conferences were not North Korean nationals. DPRK groups deploy third-party intermediaries with fully constructed identities, employment histories, and professional networks built to withstand due diligence. The people across the table were real. Their employer was not.

Durable nonces: the feature that became a weapon

Solana transactions normally expire after about 90 seconds if not submitted to the network. This is a security feature — it limits the window during which a signed transaction can be used. But Solana also offers durable nonces, a feature designed for legitimate use cases like hardware wallets and offline signing. A durable nonce transaction never expires. It sits dormant until someone submits it.

The attackers socially engineered two of five Security Council multisig signers into pre-signing durable nonce transactions. The signers believed they were approving routine operations. In reality, they were signing blank checks that would sit dormant for over a week before execution.

This is the core insight: a durable nonce makes a signed transaction valid indefinitely. But nobody verified that the signer still wanted that transaction when it finally executed.

The kill chain

The full sequence from infrastructure staging to execution:

  1. March 11 — Tornado Cash withdrawal. Attacker withdrew 10 ETH from Tornado Cash on Ethereum. Funds used to deploy infrastructure on Solana.
  2. March 12 — Fake token deployed. Deployed CarbonVote Token (CVT) on Solana. Minted 750 million tokens. Seeded ~$500 liquidity on Raydium DEX. Wash-traded for 18 days to maintain artificial $1.00 price. Drift’s oracles accepted this as legitimate.
  3. March 23 — Durable nonce accounts created. Created 4 durable nonce accounts: 2 tied to legitimate Drift Security Council members, 2 controlled by attacker. Social engineering obtained pre-signed transactions from 2 of 5 multisig signers. The signers did not understand what they were authorizing.
  4. March 27 — Timelock removed. Drift executed a planned Security Council migration — swapped a council member and moved to a 2-of-5 threshold with zero timelock. The timelock removal eliminated the 24–72 hour delay window that would have allowed detection of suspicious admin actions. The attacker re-obtained 2-of-5 approval under the new configuration.
  5. April 1, 16:05:39 UTC — Circuit breakers disabled. A single transaction containing two operations: (1) created brand-new Spot Market #63 for CVT, configured with inflated collateral value and no liquidation incentives, and (2) disabled Drift’s circuit breakers by modifying them to allow unlimited withdrawal volumes.
  6. April 1, 16:06:07 UTC — Fake collateral deposited. Deposited 500 million CVT. The fake oracle valued it at over $100 million. This created the “collateral” needed to borrow real assets from Drift’s vaults.
  7. April 1, 16:06:09–16:06:19 UTC — Vaults drained. 31 withdrawals in 12 minutes. 41.72M JLP tokens (~$155M), $60M USDC, $11M cbBTC, 2,200 wETH, and more. JLP vault drained from 41.7M tokens to 133 remaining — 99.9997% depleted. Total: $285 million.

From first withdrawal to last primary withdrawal — the major vaults were emptied in the time it takes to send a text message. The stolen funds scattered across 57,331 wallet addresses using automated bots making 590 transactions per minute for over 34 hours.

Why the multisig didn’t help

Drift had a 2-of-5 multisig Security Council. This sounds secure. In practice, the attackers needed to socially engineer exactly two people — and they had six months of relationship-building to do it. The compromised signers approved transactions from compromised devices that presented malicious operations as routine.

“The core issue is not the number of signers, but the lack of understanding of transaction intent.”

This is the same pattern that hit Bybit ($1.5B, February 2025 — 3 of 6 signers tricked), Radiant Capital ($53M, October 2024 — 3 of 11 signers compromised via UI manipulation), and Ronin Bridge ($625M, 2022 — fake job offer to an engineer). Every attack targeted the human signing layer. Every multisig verified keys, not people.

Adding more signers doesn’t help when signers don’t understand what they’re signing. A 10-of-10 multisig is equally vulnerable if all 10 signers are socially engineered into pre-signing durable nonce transactions they don’t comprehend.

Where the chain breaks

Insert one check at Step 3 — the moment the multisig signature is requested:

Before the cryptographic signature is applied, the signer must pass a live biometric verification tied to that specific transaction hash. The camera opens. Liveness detection runs. Anti-deepfake analysis executes. A signed JWT binds the verified human to the exact transaction being authorized — with an expiry of 60 seconds, not indefinite. The attacker has the compromised key but cannot produce the signer’s face. The pre-signed durable nonce attack becomes impossible: you can’t “store” a biometric verification for later execution.

The attacker has compromised devices, pre-signed nonces, a fake token with manipulated oracles, and 2 of 5 multisig approvals. They have everything except the one thing that cannot be pre-signed, stored, forwarded, or faked in real-time: the signer’s physical face in front of a camera at the exact moment the transaction executes.

Four intervention points

Biometric step-up verification would have broken the kill chain at four distinct moments:

1. Multisig signing (March 23–30)

Each multisig signature requires real-time biometric verification. The signer sees a human-readable summary of what the transaction actually authorizes, confirms intent through a biometric check bound to that specific transaction hash, and the verification expires in seconds — not indefinitely like a durable nonce.

2. Timelock removal (March 27)

Security-critical governance changes — especially removing timelocks — trigger unanimous biometric confirmation from all council members, not just the 2-of-5 threshold. A configuration change this dangerous should require every signer to prove they’re present and informed.

3. Admin actions (April 1, 16:05:39 UTC)

Creating a new market, disabling circuit breakers, and modifying withdrawal limits — all in a single transaction — should require biometric verification from the admin key holder. The attacker possessed the key but cannot possess the biometric.

4. High-value withdrawals (April 1, 16:06:09–16:06:19 UTC)

31 withdrawals totaling $285M executed with no human verification. Withdrawals above a configurable threshold require biometric step-up from the authorized withdrawer. Even with protocol-level permissions, the attacker cannot produce the biometric of the authorized signer.

What the JWT proves

If Drift had biometric step-up verification on multisig signing, the attacker’s pre-signed transactions would have been blocked at submission. The API would return:

{
  "action_verified": false,
  "rejection_reason": "biometric_not_present",
  "action_attempted": "multisig_sign_admin_transfer",
  "estimated_value": "$285,000,000",
  "signer_id": "council_member_2",
  "nonce_type": "durable",
  "nonce_age_hours": 192,
  "verified_at": "2026-04-01T16:05:39Z",
  "note": "no biometric session found — pre-signed nonce rejected"
}

That response is a signed, timestamped record showing the exact moment a pre-signed transaction was submitted without a live human behind it. Instead of $285 million lost, Drift would have a security alert and a list of compromised nonce accounts to invalidate.

The pattern is the warning

The escalation is accelerating:

  • 2022: Ronin Bridge — $625M — fake job offer to one engineer
  • 2024: Radiant Capital — $53M — 3 of 11 multisig signers compromised via UI manipulation
  • 2025: Bybit — $1.5B — supply chain compromise of Safe Wallet UI, 3 of 6 signers deceived
  • 2026: Drift — $285M — six-month infiltration, durable nonce pre-signing, 2 of 5 socially engineered

The adversaries are state-sponsored intelligence operatives with six-month timelines, conference budgets, and fully constructed cover identities. The sophistication increases with every attack. The target remains the same: the human signing layer.

The fund flows from the Drift attack have been traced back to the same group that hit Radiant Capital. These are not isolated incidents. This is a sustained, well-resourced campaign growing in scale and sophistication every year.

The lesson

Drift’s security model verified keys. It should have verified people. A durable nonce makes a signed transaction valid indefinitely — but it should not be possible to make a verified human intent valid indefinitely.

Biometric step-up verification at the moment of action creates an unforgeable temporal link between the human, their intent, and the specific action being taken. The verification expires. It cannot be pre-signed. It cannot be stored. It cannot be replayed.

You can pre-sign a transaction. You can pre-sign a nonce. You cannot pre-sign a biometric.

Try the live demo: loricaapi.com/demo | Read the docs: loricaapi.com/docs