Massive $286 Million Breach Hits Drift Protocol on Solana
We have always followed the principles of transparency and clear information. Some of our content includes affiliate links, and we may earn a small commission through these partnerships. These partnerships do not influence our editorial independence or opinion. By using our site, you accept our privacy policy and terms and conditions.
A presale and tokenomics specialist, Sofia evaluates new crypto projects with the analytical rigor of her Bocconi background. Having reviewed over 200 launches, she excels…
Cryptocurrency is a high-risk asset class, and investing carries significant risk, including the potential loss of some or all of your investment. The information on this website is provided for informational and educational purposes only and does not constitute financial, investment, or gambling advice. Cryptowinx does not endorse any specific exchange or gaming platform. For more details, please read our terms and full disclaimer.
Cryptowinx navigates the digital asset universe with a dynamic, forward-looking vision. Throughout our evolution, we have followed every market cycle, from vertical rises to corrections, always remaining a solid point of reference for our community. Our team is made up of industry experts and analysts who experience the blockchain ecosystem daily: we constantly monitor Bitcoin’s stability, study the expansion of the Ethereum ecosystem, and analyze the new frontiers of crypto casinos. We are committed to absolute editorial integrity, separating the signal from the noise through rigorous fact-checking and multi-perspective news analysis. In a landscape where innovations emerge in moments, our mission is to simplify complex concepts and offer transparency into what is established and what is still experimental.
Learn more Cryptowinx
A staggering breach occurred on April 1, 2026, on the Drift Protocol, a leading decentralized perpetual futures exchange operating on the Solana blockchain. This incident resulted in a loss of $286 million within just 12 minutes, raising alarms across the cryptocurrency community.
Drift Protocol had seen its total value locked (TVL) plummet dramatically from about $550 million to roughly $232 million overnight. The situation escalated rapidly, sending the value of the DRIFT token spiraling down by as much as 42% shortly thereafter.
The exploitation did not stem from a conventional code vulnerability but was orchestrated through a complex strategy involving social engineering and a system known as durable nonces. The assailants reportedly spent three weeks preparing before launching their attack.
It appears that the trouble began on March 11 when the hackers withdrew Ethereum from the privacy protocol Tornado Cash. This action enabled them to introduce a new token, carbonvote (CVT), into the marketplace just a day later. Intriguingly, the deployment coincided with an unusual timestamp, hinting at a connection with DPRK, which immediately triggered concerns among analysts.
The attackers cleverly created fake collateral by seeding minimal liquidity for CVT on the Raydium decentralized exchange. Utilizing wash trading, they managed to project a valuation close to $1.00, which deceived Driftβs oracles into accepting their collateral as legitimate.
According to a statement from the Drift team, a malicious entity gained unauthorized entry into the protocol, leveraging this novel technique to assume control over the Drift Security Councilβs administrative functions. They noted that the execution of the attack involved pre-signed transactions that had been covertly prepared in advance.
Between March 23 and March 30, the hackers managed to convince members of Drift’s Security Council to pre-approve what appeared to be ordinary transactions. This manipulation enabled the attackers to execute their scheme without delay once the protocol eliminated a timelock that would have otherwise provided necessary safeguards.
When the attack was finally launched, the hackers flagged CVT as valid collateral, significantly increased withdrawal limits, and ultimately drained the protocol’s assets. In just over ten minutes, they secured millions in various tokens, including JLP tokens and USDC, among others.
The stolen tokens were then swiftly converted to USDC and laundered through multiple exchanges, with some funds traced back to Binance. Following the breach, Drift communicated via on-chain messages suggesting they were ready to negotiate with the perpetrators.
Security experts have linked the attack to the infamous Lazarus Group, a hacking organization with ties to North Korea. Their methodical approach and the use of social engineering mirrors previous large-scale attacks, such as the 2022 Ronin bridge incident, further reinforcing the connection.
The ramifications of this hack extended beyond Drift, impacting over 20 different protocols. Numerous projects reported substantial losses, prompting some to halt essential operations like deposits and withdrawals to protect user funds.
Drift’s recent decision to remove essential safeguards, like the timelock, has highlighted the critical need for robust security measures in decentralized finance. Experts emphasize that such mechanisms are vital for maintaining trust within the community and protecting against future vulnerabilities.
The immediate future for Drift Protocol hangs in balance, as its ability to regain user confidence and develop a strategy for recovery will be crucial in the aftermath of this unprecedented breach.
Leave the reaction
Sofia Russo
Commentaries
Add your comment
Fill in necessary fields and publish