Carrot DeFi shuts down after Drift exploit wipes $8M TVL, exposing risks of relying on single protocols as users rush to withdraw funds.
Author: Akshat Thakur
1st May 2026 – Solana yield protocol Carrot DeFi has announced a full shutdown. The decision follows the $285 million Drift Protocol exploit, which wiped out roughly $8 million of Carrot’s TVL.
High Signal Summary For A Quick Glance
𝕋𝕖𝕞𝕞𝕪🦇🔊
@Only1temmy
@DeFiCarrot Thanks for exiting quietly. Take care
1/ Carrot is shutting down This is certainly not the outcome we wanted, but the situation with the Drift exploit, has proven to be catastrophic for our continued operations.
09:31 PM·Apr 30, 2026
CryptoCreek
@EhDhizy
@DeFiCarrot Wishing y’all the best. Looking forward to What you’ll ship out next
1/ Carrot is shutting down This is certainly not the outcome we wanted, but the situation with the Drift exploit, has proven to be catastrophic for our continued operations.
09:27 PM·Apr 30, 2026
fabiano.sol
@FabianoSolana
@DeFiCarrot sad to see wishing you guys all the best
1/ Carrot is shutting down This is certainly not the outcome we wanted, but the situation with the Drift exploit, has proven to be catastrophic for our continued operations.
06:08 PM·Apr 30, 2026
High attention and emotional sentiment detected.
The Carrot team confirmed the decision on April 30. They called the Drift exploit “catastrophic” for continued operations. As a result, users now have until May 14, 2026, to withdraw remaining funds.
Carrot built its two main products on top of Drift Protocol, Solana’s largest perpetuals DEX. Boost offered automated yield strategies, while Turbo provided leveraged yield positions.
Both products relied heavily on Drift’s liquidity pools. So when attackers drained approximately $285 million from Drift on April 1, 2026, Carrot’s positions collapsed.
The exploit used pre-signed durable nonce transactions along with compromised administrative keys. This allowed attackers to bypass Drift’s multisig controls, according to Yahoo Finance.
Because of the exploit, Carrot’s TVL dropped from roughly $28 million to about $1.99 million, according to DefiLlama.
This is certainly not the outcome we wanted, but the situation with the Drift exploit has proven to be catastrophic for our continued operations, the team wrote on X.
The team set May 14 as the final date for withdrawals. After that deadline, the protocol will deleverage all positions to 1x. That process will then free up liquidity for $CRT token redemption.
“Your deposited funds are still yours, but all leverage will be reduced to zero, freeing up all liquidity for CRT redemption,” the team wrote on X.
The team also committed to distributing any future recovery funds from Drift. This commitment aligns with earlier promises to affected Carrot users.
Key milestones in Drift Exploit Impact on DeFiCarrot (Carrot)
Attackers drain ~$285M from Drift Protocol, triggering one of the largest DeFi exploits of the year and impacting connected liquidity.
DeFiCarrot confirms losses tied to Drift exposure, adjusts NAV, and begins communicating restructuring plans to users.
Protocol unwinds positions to restore liquidity, reaching ~90% unwound while preparing for redemptions and tracking recovery claims.
Limited updates follow as operations continue at reduced capacity, with uncertainty around full recovery and sustainability.
Carrot announces closure after TVL collapses, citing the exploit’s catastrophic impact and inability to continue operations.
Users must withdraw funds before deleveraging begins, with remaining positions automatically unwound and recovery distributions pending.
Drift Protocol published a recovery update on April 16 with a plan for impacted users. As part of this plan, the protocol will issue a dedicated recovery token to each affected user.
“To streamline distribution of recovery assets and provide liquidity for impacted users, Drift will issue a dedicated recovery token,” the team wrote. This token is separate from the DRIFT governance token.
Drift’s current TVL sits at $238.24 million after partial recovery efforts, per DefiLlama. Still, no one has disclosed the exact amount Carrot users may recover.
Carrot’s collapse highlights a well-known but underestimated DeFi risk. Protocols that build on other protocols inherit all their vulnerabilities as a result.
Carrot’s Turbo product specifically relied on Drift’s stable liquidity and oracle data. Once that foundation crumbled, the leveraged yield model became unsustainable. No direct breach of Carrot’s own contracts occurred.
Some community members criticized Carrot’s risk management for relying on a single protocol. Others, though, praised the team’s transparent communication instead.
Sentiment on X leaned heavily toward support for the Carrot team. Several community members called it one of the best Solana DeFi products.
“Damn, we lost a real one here. Huge thanks to the entire team for being up front and honest about everything going on,” wrote @TheLazySol.
“Sad to see you go, such a great project,” added @CloakdDev. Similarly, @metaproph3t said he was “bullish on whatever you guys do next.”
The dominant narrative is consistent across X, Reddit, and Telegram. This was a good project lost to an upstream exploit, not a rug pull.
Carrot users should withdraw all funds from Boost, Turbo, and CRT positions before May 14. After that date, the protocol will reduce all leverage to zero.
Any recovery from Drift’s framework will flow through to affected depositors. The team has not shared plans for future projects yet.
Since this article discusses a protocol shutdown and fund withdrawals, readers should verify all steps through Carrot’s official channels. This is not financial advice.
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.
