Drift Protocol, a leading perpetual futures DEX on Solana, suffered a major security breach on April 1, with attackers extracting roughly $285 million from its main vault.
On-chain data shows the protocol’s core vault collapsing from around $309 million to just $41 million in a matter of minutes. The attacker targeted a wide range of assets, including tens of millions in USDC, JLP, and multiple Solana-based tokens.
The exploit immediately placed the incident among the largest DeFi losses recorded this year, raising fresh concerns around governance-level attack surfaces rather than smart contract vulnerabilities.
Early signs of the exploit were first spotted by Mert Mumtaz, CEO of Helius, who raised concerns publicly before the full incident became clear.
In a post on X, he noted that it was not fully certain yet, but Drift might be getting exploited, urging users to monitor their positions. The alert came as unusual movements began surfacing on-chain, giving early observers a narrow window to react before the vault was fully drained.
How the Exploit Happened
According to the protocol team, the breach did not originate from a flaw in Drift’s smart contracts or leaked private keys.
Instead, the attacker gained control at the governance layer.
After securing unauthorized access, the exploiter executed a rapid administrative transfer, effectively taking over protocol-level permissions. This control allowed them to introduce a malicious asset and disable existing withdrawal safeguards, opening the door to unrestricted fund extraction.
This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions for delayed execution.
The structure of the attack suggests premeditation rather than opportunistic exploitation — with infrastructure prepared in advance to execute multiple steps in quick succession once access was obtained.
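A detection check for the durable-nonce pattern described above, added here as an example and not code from Drift or any party named in this article. A durable-nonce transaction does not expire with a recent blockhash, so a signature collected earlier can be submitted later; the check flags any such transaction signed by a watched governance key. It assumes transactions in the Solana RPC `jsonParsed` shape, and every key, signature and program id other than the System program is a constructed placeholder.

```python
# Added example: flag durable-nonce transactions signed by watched governance keys.
# Input shape follows Solana RPC getTransaction with encoding="jsonParsed" (assumption).
SYSTEM_PROGRAM = "11111111111111111111111111111111"

def durable_nonce_info(tx):
    """Return (nonce_account, nonce_authority) if tx is a durable-nonce
    transaction, i.e. its first instruction is System advanceNonce; else None."""
    instructions = tx["transaction"]["message"]["instructions"]
    if not instructions:
        return None
    first = instructions[0]
    parsed = first.get("parsed")
    if first.get("programId") != SYSTEM_PROGRAM or not isinstance(parsed, dict):
        return None
    if parsed.get("type") != "advanceNonce":
        return None
    info = parsed.get("info", {})
    return info.get("nonceAccount"), info.get("nonceAuthority")

def review(tx, watched_signers):
    """Build an alert dict when a watched key signed a durable-nonce transaction."""
    nonce = durable_nonce_info(tx)
    if nonce is None:
        return None
    keys = tx["transaction"]["message"]["accountKeys"]
    signers = {k["pubkey"] for k in keys if k.get("signer")}
    hits = sorted(signers & set(watched_signers))
    if not hits:
        return None
    return {"signature": tx["transaction"]["signatures"][0],
            "nonce_account": nonce[0], "nonce_authority": nonce[1],
            "watched_signers": hits,
            # True when a key outside the watched set controls when the tx lands
            "external_nonce_authority": nonce[1] not in watched_signers}

# Constructed sample data; all keys and signatures are hypothetical placeholders.
WATCHED = {"MULTISIG_MEMBER_A", "MULTISIG_MEMBER_B"}
def _tx(sig, signers, instructions):
    return {"transaction": {"signatures": [sig], "message": {
        "accountKeys": [{"pubkey": s, "signer": True} for s in signers],
        "instructions": instructions}}}
ADVANCE = {"programId": SYSTEM_PROGRAM, "program": "system", "parsed": {
    "type": "advanceNonce", "info": {"nonceAccount": "NONCE_ACCT_1",
                                     "nonceAuthority": "UNKNOWN_KEY_X"}}}
ADMIN_IX = {"programId": "GOVERNANCE_PROGRAM_PLACEHOLDER", "accounts": [], "data": ""}
SAMPLES = [_tx("SIG_1", ["UNKNOWN_KEY_X", "MULTISIG_MEMBER_A"], [ADVANCE, ADMIN_IX]),
           _tx("SIG_2", ["MULTISIG_MEMBER_B"], [ADMIN_IX]),
           _tx("SIG_3", ["SOME_USER"], [ADVANCE])]
ALERTS = [a for a in (review(t, WATCHED) for t in SAMPLES) if a]
```

Of the three constructed transactions, only `SIG_1` raises an alert: it is the only one that both advances a nonce and carries a watched signer, and its nonce authority is a key outside the watched set.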
Laundering Route: From Solana to Ethereum
Once the vault was drained, the attacker moved quickly to disperse and obfuscate funds. The sequence unfolded in several stages:
– Large portions of assets were swapped into USDC
– Funds were bridged from Solana to Ethereum via Circle’s Cross-Chain Transfer Protocol (CCTP)
– ETH was acquired through aggregators such as 1inch
– Thousands of ETH accumulated across Ethereum wallets within hours
At peak activity, trackers observed flows equivalent to over $40 million moving through Ethereum during the laundering phase.
Despite the scale and visibility of the transfers, a significant portion of the funds successfully exited the Solana ecosystem before any intervention could take place.
Circle Criticized as Funds Move Uninterrupted
The incident quickly expanded beyond a protocol-level failure into a broader industry debate.
On-chain investigator ZachXBT publicly criticized Circle for failing to freeze stolen funds, despite having visibility into large-scale USDC movements over several hours.
“Why should crypto businesses continue to build on Circle when a project with 9 fig TVL could not get support during a major incident?”
According to available data, more than $230 million in USDC was bridged through CCTP across over 100 transactions, during a window in which intervention may have been possible.
The criticism highlights a growing tension in crypto: while stablecoins like USDC are centrally issued and theoretically controllable, enforcement appears inconsistent — reigniting concerns about selective intervention and operational reliability in crisis scenarios.
Protocol Response and Ongoing Investigation
In response to the breach, Drift Protocol has frozen remaining functionality and removed the compromised wallet from its multisig setup.
The team stated that deposits across trading, lending, and vault systems were impacted, while certain assets — including validator-staked SOL and insurance fund reserves — remain unaffected.
Drift is now working with security firms, bridges, exchanges, and law enforcement to trace the stolen funds and attempt recovery.
The exploit underscores a critical shift in DeFi risk models: as smart contract security improves, attackers are increasingly targeting governance and operational control layers — where a single point of failure can still unlock systemic damage.