Drift protocol (DRIFT)

🚨JUST IN: Initial findings on the @DriftProtocol exploit: ➡️A highly coordinated attacker gained control of Drift’s Security Council admin using pre-signed transactions via durable nonce accounts, indicating weeks of preparation and staged execution. ➡️The attack was not due to any smart contract bug or exploit, and there is no evidence of compromised seed phrases. ➡️Instead, the attacker appears to have obtained 2/5 multisig approvals in advance, likely through sophisticated social engineering or misrepresented transaction approvals. ➡️As early as March 23, multiple durable nonce accounts were set up across both multisig members and attacker-controlled wallets, allowing transactions to be signed earlier and executed later. ➡️Even after a Security Council multisig migration on March 27, the attacker regained effective access to required signers, showing persistent compromise. ➡️On April 1, shortly after a legitimate insurance fund test transaction, the attacker executed two pre-signed nonce transactions just minutes apart, enabling a rapid and near-instant admin takeover. ➡️With full admin control, the attacker introduced a malicious asset, removed withdrawal limits, and exploited protocol permissions to drain funds. ➡️Approximately $280M was withdrawn, impacting all funds in borrow/lend, vault deposits, and trading balances on the platform. ➡️Unaffected funds include DSOL not deposited into Drift and Insurance Fund assets, which are being moved for safeguarding. ➡️All protocol functions have now been frozen, and the compromised multisig wallet has been removed to prevent further damage. ➡️Drift is actively coordinating with security firms, bridges, exchanges, and law enforcement to trace and potentially recover stolen assets, with a full postmortem expected soon.

BREAKING: Drift Protocol Hacked: ~$270M+ Stolen In Biggest Solana Exploit Since Wormhole One of the largest DeFi hacks in crypto history just happened. Here is everything you need to know: What Happened? On April 1, 2026, attackers drained ~$270M to $285M from Drift Protocol, a major Solana‑based decentralized exchange, in under 1 hour. Drift's TVL collapsed from ~$311M to just ~$23M. Deposits and withdrawals are suspended. How Did It Happen?* This was NOT a smart contract bug. PeckShield confirmed the root cause was an admin private key compromise. The attacker gained full admin access, changed the keys to lock out the Drift team, and systematically drained multiple vaults. Onchain data shows the drainer wallet was funded 8 days before the attack via NEAR Intents and sat dormant until execution. A test transaction was even done last week. This was fully premeditated. Stolen Assets: → 41.72M JLP Tokens (~$155.6M) → 51.6M USDC (~$51.6M) → 125K WSOL (~$10.45M) → 282+ BTC → FARTCOIN, WETH, mSOL and more The attacker swapped everything into ETH. Latest reports show full conversion into 129,066 ETH ($273M). Funds also moved through HyperLiquid, Binance, ChainFlip, Raydium and Orca. @circle's Failure: The attacker bridged millions of $USDC from Solana to Ethereum using Circle's own CCTP, during US business hours and Circle took no action for hours. No freeze. No blacklisting. Nothing. ZachXBT called Circle a "bad actor" for the industry. This comes just days after Circle froze 16 legitimate business wallets with zero evidence, which ZachXBT called "the most incompetent freeze" in 5+ years. Circle can freeze innocent businesses instantly but cannot stop stolen funds flowing through their own infrastructure during a live 9‑figure hack. The double standard is real. DRIFT Token: → Crashed from ~$0.072 to as low as ~$0.04 → Down 44% → Volume spiked 198% → Market cap fell to ~$15M If You Used Drift: → Revoke ALL wallet approvals tied to Drift immediately → Do NOT deposit any funds → Only follow official @DriftProtocol for updates → Beware of fake recovery scam links Key Lesson: Private key compromise remains the most dangerous vulnerability in crypto. Not code exploits. Not oracle manipulation. Just basic key management failure. Every DeFi protocol needs multi‑sig wallets, time‑locked admin operations, and real‑time monitoring. Until that becomes standard, billion‑dollar protocols will keep falling to the oldest attack in the book. Stay safe. Protect your keys. Trust no one with admin access. @CryptoPatel #DriftProtocol #CryptoHack #Solana

Drift Protocol got hacked for $270M and you expect people to take this industry serious.

Yesterday, the Defi protocol @DriftProtocol on Solana was hacked. - Damage amounted to about 285 million USD from JLP, USDC, SOL vaults... - TVL dropped from 309 million to ~41 million USD. - The hacker created a fake token called CarbonVote ( $CVT) with little liquidity on Raydium to manipulate the oracle, combined with compromised admin keys to bypass safeguards and withdraw real assets in just ~12 minutes. - The hacker's wallet swapped to USDC, bridged to ETH, and bought $ETH - Drift confirmed the attack and temporarily suspended all deposits/withdrawals. They are collaborating with security firms, bridges, and exchanges to investigate the incident. - The token $DRIFT fell by 17-40%, and SOL came under pressure. This is the largest DeFi hack in 2026 and the second-largest on Solana to date.

🚨 In the past few hours, Drift Protocol (Solana DeFi) was hacked. On-chain data shows that approximately $285 million has been withdrawn from the protocol, mainly SOL, USDC and other assets. Drift confirmed an ongoing attack and halted deposits and withdrawals. The exact cause has not been confirmed yet; speculation includes a smart‑contract exploit or compromised keys. The stolen funds have already been distributed across multiple wallets and partially swapped. The DRIFT token immediately suffered a sharp drop and the protocol’s liquidity has significantly decreased. This could become one of the biggest DeFi hacks of 2026. If you have used Drift: check and revoke wallet approvals, refrain from interacting with the protocol for now, and await official updates.

#PeckShieldAlert Drift Protocol @DriftProtocol has been exploited, resulting in a loss of over $285M - more than 50% of its TVL. $DRIFT has plummeted by -37%. The exploiter has already bridged the stolen assets from #Solana to #Ethereum via the CCTP TokenMessengerMinterV2, moving 129K $ETH (valued at ~$270.9M).

This thesis took a week to age very poorly. The problem with these DeFi protocols are that they're not actually decentralized. It's like an unregulated bank with the manager hiding the keys to the vault under a mattress. There's no accountability and that makes it not investible. https://t.co/GFk5XO3Ai7

Now I'm just grateful that a few months ago, in order to earn interest with $usd1, I consolidated most of the unused assets on-chain and swapped them to $usd1 to earn annualized returns on an exchange... Bear market protocol thefts are all too common, whether due to insiders stealing or actual hacks. Unless you have a solid security plan or can arbitrage on-chain, I don't really recommend keeping money in protocols you're not familiar with. Not to mention, many protocols initially signed third‑party agreements with whales, guaranteeing compensation. So it's better to pull the money off-chain, either put it on an exchange or in your own wallet or a cold wallet—safer that way. Converting to $usd1 and earning interest is pretty good

Drift Protocol $270‑$285 million heist full analysis: when it was announced, most people thought it was an April Fool's joke! Should Sol consider a rollback? So far this has become the largest DeFi hack of 2026 (we still have eight months, hoping there won’t be a bigger one). 1️⃣ What happened? Yesterday afternoon, the top Derivatives protocol in the Solana ecosystem, Drift Protocol (perpetual contract DEX), suffered a composite attack that compromised admin privileges. In just 12 minutes, the attacker drained about $270‑$285 million of real assets from the protocol’s main treasury (estimated by major firms such as PeckShield, Bloomberg, Lookonchain, etc.). The team quickly confirmed an “active attack”, paused all deposits and withdrawals, and emphasized that “this is not an April Fools joke”. This is the largest‑value DeFi incident so far this year and the second‑largest security incident in Solana history (only behind the 2022 Wormhole bridge hack of $326 million). 2️⃣ How did the hacker do it? 1) Preparation (weeks before) The attacker minted fake tokens and fabricated price history to set up later manipulation. 2) Attack launch (around 00:00 UTC+8 on April 1) Using a compromised Drift admin private key (multisig key leaked), the attacker performed critical operations in a single transaction: added a fake market and removed the withdrawal guard threshold. 3) Deposited massive fake collateral. Then 31 withdrawal transactions moved assets from multiple vaults (JLP Delta Neutral, SOL/BTC Super Staking, etc.) within 12 minutes. 4) Main stolen assets (on‑chain confirmed): JLP ≈ $155.6 million USDC ≈ $60.4 million cbBTC, WETH, WBTC, FARTCOIN, JitoSOL, etc. Total $270‑$285 million. Money laundering (1‑2 hours after the attack) was done through the Jupiter aggregator, swapping to USDC. The funds were bridged to Ethereum, where most were used to buy ETH (approximately 20,000 ETH purchased). Primary hacker address: HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES (viewable on‑chain). 3️⃣ Impact on the crypto space: First, Drift’s TVL was cut in half within an hour (from about $550 million to ~$255 million), pushing the protocol’s liquidity toward collapse. The DRIFT token also plunged, with a peak drop of 30‑35% and still sitting at low levels. Then a cascade of effects: several protocols that rely on Drift for yield (such as Reflect, DeFiCarrot, Pyra, etc.) have paused redemptions, leaving user funds stuck. Market sentiment: concerns over “admin key = single point of failure” in DeFi have intensified. In the short term, funding for Solana DeFi projects and user confidence are likely to suffer, and TVL for DEX projects may also be affected. 4️⃣ Industry warning: I’ve basically seen it coming; it proves once again that even the strongest smart contracts can’t survive a stolen admin key. What should ordinary users/investors watch out for? 1) Act now: If you have funds on Drift, you cannot deposit or withdraw at the moment. Keep monitoring the official @DriftProtocol. The Phantom wallet has blocked Drift‑related accesses to avoid accidental actions. 2) Long‑term risk mitigation (must‑read): Admin privileges are the biggest risk: prioritize highly decentralized protocols (multisig + timelock + DAO governance) and avoid those controlled by a single admin key. Don’t chase TVL and APY alone: high yields often come with high risk, especially projects that depend on a single oracle or vault. Fund management: diversify perpetual/leverage positions; use hardware wallets + multisig for large amounts; regularly review protocol audit reports and multisig members. Bridge caution: hackers love to move funds through bridges; use small test amounts or official bridges. Information sources: trust only official accounts and on‑chain data (Solscan / Arkham / Lookonchain); ignore any “compensation airdrop” scams. 5️⃣ Future watch‑points and lessons for us: It’s already very tough; whether Drift can recover part of the funds (Circle may freeze some USDC) remains to be seen. Honestly, this was a human‑caused disaster: an admin key compromise leading to a permissions catastrophe. DeFi has been around eight years but is still early; security always outweighs yield. Crypto survival rule #1: Never your keys, never your coins — this was brutally proven again.