Loading Search...
Drift Protocol lost an estimated $200M to $285M in a sophisticated exploit which is the biggest DeFi hack since 2022.
Author: Sahil Thakur
2nd April 2026 – Drift Protocol lost an estimated $200M to $285M in a sophisticated exploit on April 1, 2026. The Solana-based perpetuals DEX suffered what ranks as the chain’s biggest DeFi hack since the 2022 Wormhole bridge incident.
High Signal Summary For A Quick Glance
ZachXBT
@zachxbt
@circle @jerallaire Circle was asleep while many millions of USDC was swapped via CCTP from Solana to Ethereum for hours from the 9 figure Drift hack during US hours. Value was moved and nothing was done yet again. Comes days after you froze 16+ business hot wallets incompetently which is still https://t.co/T0Xwg1HIfO
Two things are evolving together: how value moves and how work gets done. @jerallaire explains why the connection between them matters. https://t.co/QJALp6UrwZ
12:14 AM·Apr 2, 2026
DBCrypto
@DBCrypt0
🚨BREAKING: Drift Protocol just got drained for over $200 million Solana's largest perps DEX. Gone in one transaction batch. The attacker didn't find a smart contract bug. They didn't exploit a flash loan. They walked in with the keys. On-chain data shows a single account https://t.co/aWDZwMKWAM https://t.co/wB91EAgaR6
🚨BREAKING: @Solana based perpetuals protocol @DriftProtocol exploited for over $200M, onchain data confirms. https://t.co/ZoyWR2DXZD
07:08 PM·Apr 1, 2026
Eddie
@DancingEddie_
I think Drift just... dies here? ByBit was able to get a billion dollar loan immediately after their hack because their yearly revenue numbers justified it Drift doesn't make nearly enough money for a company/bank to comfortably underwrite a loan to fill the hole here. rip :/ https://t.co/RsKoGYRZlU
06:23 PM·Apr 1, 2026
The attacker spent weeks preparing for the heist. Once the drain began, it took roughly 12 minutes. Nearly 20 protocol vaults were hit in rapid succession.
Three weeks before the attack, the exploiter minted a worthless token called CarbonVote Token (CVT). They created a low-liquidity pool on Raydium with just $500. Then they used wash trading to peg CVT at roughly $1.
During that same period, the attacker manipulated CVT’s price history on Switchboard, Drift’s oracle provider. This gave the fake token a credible on-chain price record.
On April 1, the attacker used what researchers describe as a compromised Drift admin key. They listed CVT as a new spot market on the protocol. They also raised withdrawal limits on USDC and other markets to 500 trillion, disabling all safety caps.
With those changes in place, the attacker deposited roughly 785 million CVT tokens as collateral. The oracle valued each token at about $1. That gave the attacker hundreds of millions in borrowing power against real assets.
The attacker drained funds from nearly 20 vaults. According to on-chain trackers, stolen assets include 66.4 million USDC and 42.7 million in JLP tokens. Large amounts of JitoSOL, wrapped BTC, wrapped ETH, and various stablecoins were also taken.
Additional tokens taken include JUP, RAY, MOODENG, and even FARTCOIN. Some trackers also report roughly 980,000 SOL among the stolen funds. Total vault liquidity dropped about 50% in under an hour.
The attacker quickly swapped stolen assets to USDC through Jupiter. From there, funds were bridged to Ethereum. On-chain data from Arkham shows the attacker has already purchased approximately 19,913 ETH worth over $42 million.
Src: PeckShieldAlert (X)
The Drift Protocol hack was not a smart-contract exploit in the traditional sense. Security analyst Vladimir S and multiple on-chain researchers concluded that a compromised admin signer was the critical enabler.
The compromised key allowed the attacker to push the CVT listing and withdrawal limit changes through governance without normal safeguards. According to researchers, different signature keys appeared across the transactions, pointing to a key management failure or multisig breach.
Some reports reference a new 2-of-5 multisig setup with zero timelock. That configuration, if accurate, would have allowed changes to take effect immediately without a waiting period for community review.
“Admin signer was compromised, or whoever controls it intentionally executed these changes,” Vladimir S stated. No evidence of an external smart-contract vulnerability exists. As one researcher put it, the attacker “walked in with the keys.”
Drift Protocol posted on X shortly after the attack began. “We are observing unusual activity on the protocol. We are currently investigating. Please do not deposit funds,” the team wrote. They added: “This is not an April Fools joke.”
A follow-up post confirmed the protocol was under active attack. Deposits and withdrawals were suspended. Drift said it was coordinating with multiple security firms, bridges, and exchanges to contain the incident.
PeckShield is among the security firms involved in the response. Phantom Wallet also moved quickly, blocking protocol access for Drift users.
The $DRIFT token dropped 20% to 40% in the hours after the exploit. At last check, it was trading between $0.048 and $0.064, down roughly 30% to 35% over 24 hours.
Protocol TVL collapsed alongside the token price. Vault liquidity fell by half in under an hour. Solana’s broader DeFi ecosystem also felt the shock, with users rushing to revoke approvals and check exposure to Drift-related assets.
Loading chart...
The Drift Protocol hack shares clear similarities with the 2022 Mango Markets exploit on Solana. Avraham Eisenberg manipulated oracle prices to inflate collateral and drain $114 million from Mango’s pools. He was later arrested and convicted of fraud.
Admin key compromises have also driven some of DeFi’s largest losses. The 2022 Ronin Bridge hack cost $625 million. The Harmony Horizon Bridge exploit cost $100 million. Both resulted from compromised validator or signer keys.
The Drift exploit combines elements of both attack types. It used oracle manipulation to create fake collateral value, then relied on a compromised admin key to bypass protocol safeguards. That combination made it particularly devastating.
As of April 2, 2026, the situation is still developing. Drift has not released a full postmortem or loss reconciliation. The protocol remains fully paused.
Drift is working with security firms and exchanges to freeze or track stolen funds on both Ethereum and Solana. Some assets may be recoverable if centralized exchanges or bridge operators cooperate. History suggests partial recovery at best for exploits involving admin key compromise.
For affected users, the advice is clear. Do not deposit into Drift. Revoke any remaining approvals and follow only the official @DriftProtocol account on X for updates.
The broader Solana DeFi ecosystem is now on high alert. Expect audits, multisig upgrades, and timelock discussions across major protocols in the weeks ahead. This exploit is a stark reminder that even battle-tested DeFi platforms remain vulnerable when admin key security fails.
This article is for informational purposes only and does not constitute financial advice. Always do your own research before making investment decisions.
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.
Drift Protocol Hacked for $270M in Solana’s Biggest DeFi Exploit
Steakhouse Warns Users of Phishing Attack on Domain
P2P.me Faces Insider Trading Claims After Own Raise Bet
ZachXBT Exposes Crypto Scam Network Fueling Fake War Panic
Drift Protocol Hacked for $270M in Solana’s Biggest DeFi Exploit
Steakhouse Warns Users of Phishing Attack on Domain
P2P.me Faces Insider Trading Claims After Own Raise Bet
ZachXBT Exposes Crypto Scam Network Fueling Fake War Panic
