Whoa. DeFi is hard. But MultisigFi is harder https://t.co/Le3lu5wGpM
The Drift protocol hack isn’t as straightforward as it seems.
Let’s walk through what actually happened:
The attacker exploited the durable nonces feature to pre-sign transactions weeks in advance, tricking the Security Council (multisig) into approving them. This ultimately allowed the attacker to seize admin control, modify withdrawal limits, and drain several major vaults. Specifically:
1. Created a wallet and pre-signed transactions using durable nonces to deceive the multisig into approving them
2. Submitted two pre-signed transactions → took over admin privileges
3. Drained more than 15 different tokens (JLP, SOL, USDC, etc.) within minutes (~$270–285M)
4. Converted assets into USDC
5. Bridged funds to Ethereum via Wormhole, with Backpack also suspected to be involved in the laundering flow
6. Swapped a portion into ETH (~19,913 ETH ≈ $42.6M)
7. Funds were then routed through multiple addresses linked to potential laundering activity
Looking back at 2022, Drift also suffered from a logic flaw in
Breaking: According to MLM monitoring, a Drift Protocol-related address (HkGz4Kmo...pZES) has recorded approximately $270.6 million in abnormal fund movements, accounting for around 50% of its TVL. The assets primarily include about $155.6 million in JLP, $60.4 million in USDC, $11.3 million in cbBTC, among others. Helius CEO mert stated that while the situation is not fully confirmed, on-chain signals indicate a potential exploit. No official statement has been released by Drift.
https://t.co/6FbkzASpMt
https://t.co/g20w97XChZ
Drift Protocol said the incident involved a malicious actor using a novel attack related to durable nonces to gain unauthorized access and quickly take control of Drift Security Council administration. Drift described the exploit as long-prepared and highly complex, potentially involving pre-signed transactions via durable nonce accounts that enabled delayed execution, ultimately resulting in roughly $280 million being withdrawn. Drift said its initial investigation indicates the cause was not a code or smart contract vulnerability, and it has found no evidence of seed phrase compromise; the attacker may have obtained permissions through unauthorized or forged transaction approvals, potentially involving social engineering. https://t.co/zD7fFW9PrQ
🚨JUST IN: @JupiterExchange says $JLP remains safe and fully backed after the Drift exploit stole large amounts of $JLP from Drift vaults, adding that even large redemptions or burns do not change $JLP’s price. https://t.co/QBoKZxuyzx
