$285M Bug Or Human Error? Solana-Based Drift Protocol Suffers Largest Exploit Of 2026


Drift Protocol, a platform built on Solana, experienced a massive security breach in 2026, resulting in a loss of almost $300 million. Experts describe the attack as highly complex, and it highlights the increasing risk of hackers directly targeting individuals within the cryptocurrency world.

Solana DEX Loses $285M On April Fool’s Day

Drift Protocol, a decentralized exchange built on Solana, suffered a major security breach on Wednesday, resulting in the theft of hundreds of millions of dollars. The issue came to light after unusual activity was spotted on the blockchain, and Drift confirmed the attack, immediately halting all deposits and withdrawals.

The attack lasted under 20 minutes and resulted in the theft of approximately $285 million worth of various cryptocurrencies – including USDC, JPL, USDT, JUP, USDS, WBTC, and WETH – from about 20 different digital wallets. This is the biggest crypto hack of 2026 so far, exceeding the $235 million stolen in the WazirX hack.

As an analyst, I’ve been tracking the fallout from the recent hack, and it’s been significant. We’ve seen the total value locked (TVL) of the affected Solana project cut in half, dropping from around $550 million to $252 million based on data from DeFiLlama. The protocol’s native token, DRIFT, has also taken a hit, losing almost 40% of its value in the last day.

As an analyst, I’ve been tracking this exploit closely. It happened incredibly fast – within hours, the attacker converted $270.9 million into USDC. They then moved those funds from the Solana blockchain to Ethereum using the CCTP TokenMessengerMinterV2 bridge, and quickly used the USDC to purchase around 129,000 ETH, spreading the purchases across numerous different wallets to obscure their activity.

Drift announced on Thursday that hackers gained access to their system using a new type of attack. This allowed them to quickly seize control of the administrative powers of Drift’s security team.

Solana’s durable nonces offer a way to create transactions that don’t expire quickly like standard transactions. This allows users to sign transactions in advance for use later, sign them offline, or set up more complicated multi-signature processes.

The operation was carefully planned and took weeks to prepare, with transactions deliberately delayed using special accounts, according to the post.
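A durable-nonce transaction can be recognised before anyone signs it, because its first instruction is the System Program's AdvanceNonceAccount. The following is an added example (not from this article or from Drift) of a check a signing tool could run on a serialized message so approvers see that a request will not expire with its blockhash. The function names and sample messages are constructed for illustration.

```python
import struct

SYSTEM_PROGRAM_ID = bytes(32)   # the System Program address is 32 zero bytes
ADVANCE_NONCE_ACCOUNT = 4       # SystemInstruction::AdvanceNonceAccount

def compact_u16(buf, pos):
    """Decode Solana's compact-u16 length prefix (7 bits per byte)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def uses_durable_nonce(message: bytes) -> bool:
    """True if the first instruction is System Program AdvanceNonceAccount,
    i.e. the signed message stays valid until the nonce is advanced."""
    pos = 1 if message[0] & 0x80 else 0          # v0 messages carry a version byte
    pos += 3                                     # header: three count bytes
    n_keys, pos = compact_u16(message, pos)
    keys_start = pos
    pos += 32 * n_keys + 32                      # account keys + blockhash field
    n_ix, pos = compact_u16(message, pos)
    if n_ix == 0:
        return False
    program_idx = message[pos]
    n_accounts, pos = compact_u16(message, pos + 1)
    data_len, pos = compact_u16(message, pos + n_accounts)
    data = message[pos:pos + data_len]
    if program_idx >= n_keys or len(data) < 4:
        return False
    program = message[keys_start + 32 * program_idx:keys_start + 32 * (program_idx + 1)]
    return (program == SYSTEM_PROGRAM_ID
            and struct.unpack_from("<I", data)[0] == ADVANCE_NONCE_ACCOUNT)

def sample_message(first_ix_data: bytes, versioned: bool = False) -> bytes:
    """Constructed test message: payer, nonce account, sysvar stand-in, System Program."""
    keys = bytes([1]) * 32 + bytes([2]) * 32 + bytes([3]) * 32 + SYSTEM_PROGRAM_ID
    ix = bytes([3, 3, 1, 2, 0, len(first_ix_data)]) + first_ix_data
    body = bytes([1, 0, 2, 4]) + keys + bytes([0xAA]) * 32 + bytes([1]) + ix
    return (b"\x80" if versioned else b"") + body + (b"\x00" if versioned else b"")

if __name__ == "__main__":
    print(uses_durable_nonce(sample_message(struct.pack("<I", 4))))         # advance nonce
    print(uses_durable_nonce(sample_message(struct.pack("<IQ", 2, 1000))))  # plain transfer
```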

Malicious Actors Targeting Humans, Not Smart Contracts

The decentralized exchange built on Solana clarified that the recent issue wasn’t caused by any flaws in its code or smart contracts. They also confirmed they found no indication that user security keys were stolen.

The project highlighted that the attack happened because approvals for transactions were gained without permission or through deception *before* the transactions took place. This was likely achieved using a combination of technical methods involving unique transaction identifiers and clever manipulation of people.

Lily Liu, head of the Solana Foundation, responded to the recent incident, calling it a setback for the entire Solana community. She explained that while the smart contracts themselves functioned as expected, the problem stemmed from weaknesses in how people handle security and from social engineering, rather than from flaws in the code itself.

Ledger’s CTO, Charles Guillemet, believes the way Drift was attacked is similar to the method used in the $1.4 billion hack of Bybit, which authorities have connected to North Korean hackers. He suggests the attackers gained access to multiple computers used by people who authorize transactions, likely over a long period, and tricked those authorized users into approving the fraudulent activity.

This attack follows a pattern similar to the Bybit hack from last year, which experts believe was carried out by groups connected to North Korea. We’re seeing a trend: attackers are carefully and skillfully infiltrating systems by targeting people and processes, rather than directly hacking the underlying code of smart contracts.

Guillemet said the incident should be a warning to the industry to improve its security practices. He explained that strong security isn’t just about checking code, but also about providing clear and timely information to users and operators so they can make smart choices about what they approve.


2026-04-03 12:05