Drift Protocol $285M Multisig Exploit (Explained)

2026-04-13 Quill Audits

https://www.quillaudits.com/blog/hack-analysis/drift-protocol-multisig-exploit

Drift Protocol lost about $285 million after an attacker used pre-signed Solana durable-nonce transactions to take over a 2-of-5 Squads V4 multisig with no timelock. The attacker gained admin control, created fake CVT spot markets with manipulated oracles, removed withdrawal limits, and drained vault assets through 33 rapid borrow-loop transactions. QuillAudits frames the incident as an operational security and governance failure rather than a smart contract bug, with durable nonce account activity and risky multisig configuration visible before execution. The stolen assets were swapped through Jupiter and moved across wallets and bridges, showing how compromised privileged-signing workflows can become a protocol-level loss event.
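The summary says both the durable-nonce activity and the risky multisig configuration were visible before execution. The following pre-signing check illustrates how a signer could test for both; it is an added example, not code from QuillAudits, Drift or Squads. The input shape (`program_id`, `data`, `threshold`, `members`, `time_lock_s`), the 24-hour minimum delay and the majority rule are assumptions chosen for illustration.

```python
import struct

SYSTEM_PROGRAM = "11111111111111111111111111111111"
ADVANCE_NONCE_ACCOUNT = 4  # SystemInstruction variant index, encoded as u32 LE

def uses_durable_nonce(instructions):
    """True when the first instruction is System Program AdvanceNonceAccount,
    the marker of a durable-nonce transaction: it is not bound to a recent
    blockhash, so a collected signature stays valid until the nonce advances."""
    if not instructions:
        return False
    first = instructions[0]
    if first["program_id"] != SYSTEM_PROGRAM or len(first["data"]) < 4:
        return False
    return struct.unpack_from("<I", first["data"])[0] == ADVANCE_NONCE_ACCOUNT

def review_signing_request(instructions, multisig, min_time_lock_s=86400):
    """Return findings a signer should resolve before approving (assumed policy)."""
    findings = []
    if uses_durable_nonce(instructions):
        findings.append("durable nonce: signature does not expire with the blockhash")
    if multisig["time_lock_s"] < min_time_lock_s:
        findings.append("time lock below policy minimum")
    if multisig["threshold"] * 2 <= multisig["members"]:
        findings.append("threshold is not a majority of members")
    return findings

# Constructed sample data; the admin program id is a placeholder, not a real address.
ADMIN_IX = {"program_id": "PLACEHOLDER_ADMIN_PROGRAM", "data": b"\x00" * 8}
DURABLE_TX = [{"program_id": SYSTEM_PROGRAM, "data": struct.pack("<I", 4)}, ADMIN_IX]
ORDINARY_TX = [ADMIN_IX]
MULTISIG_2_OF_5 = {"threshold": 2, "members": 5, "time_lock_s": 0}

if __name__ == "__main__":
    for finding in review_signing_request(DURABLE_TX, MULTISIG_2_OF_5):
        print("FINDING:", finding)
```

A request that raises the durable-nonce finding is one whose signature can be held and submitted later, so it warrants out-of-band confirmation of who asked for it and why.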

Indicators of Compromise

