Deposits and withdrawals halted on the Solana-based decentralized derivatives exchange Drift just after a $285 million exploit, the second-largest exploit in Solana history.
What seemed like a cruel April Fools’ prank on April 1, 2026, turned out to be a premeditated hack that rocked the Solana ecosystem, resulting in a $285 million loss.
Drift acknowledged the exploit on its X account after spotting unusual activity around 4:00 PM UTC. This exploit now ranks as the second most significant hack in Solana’s history. It follows the 2022 Wormhole bridge incident, which resulted in a $326 million in losses.
The Drift protocol offers borrowing, lending, perpetual trading, spot trading, and yield-bearing deposits, making itself a decentralized alternative to centralized trading exchanges.
Half the liquidity wiped out
The exploit took away more than 50% of the protocol’s liquidity. The Drift protocol had around $550 million in TVL (Total Value Locked), making it one of the top platforms on Solana. After the exploit, major vaults in the smart contract lost millions of funds, causing the Total value locked to crash hard.
The wallet was created roughly 8 days before the attack and was dormant until being activated about 18 hours before the exploit.
Drift had recently migrated to a new 2/5 multisig security setup with a 0-second timelock just a week prior. The exploit was not just a smart contract vulnerability or stolen private keys; the hacker exploited the Drift Security Council’s administrative powers using durable nonces to execute pre-signed transactions.
This control gave attackers access to drain the deepest liquidity vaults, including the JLP Delta Neutral, SOL Super Staking, and BTC Super Staking pools.
The single largest transfer in the attack is approximately 41.7 million JLP tokens valued at around $155 million. Other assets included large amounts of SOL, USDC, cbBTC, wBTC, USDT, and USDS. The entire drainage phase happened in roughly ten seconds after the attacker created fake spot markets for low liquidity assets like CarbonVote token (CVT), and disabled critical safeguards such as circuit breakers and withdrawal limits.
DRIFT token collapses amid liquidity drain
The exploit brought down the protocol’s native asset. After the $285 million drain, the DRIFT token price plummeted, making this one of the most severe security breaches in blockchain history. The DRIFT token went down by 41% in the last 24 hours, breaking through key support levels.
The Drift team has acted swiftly to contain the damage, pausing all deposits and withdrawals while freezing remaining protocol functions. Currently, it is coordinating with security firms like PeckShield and Arkham to track the funds, which have already begun moving.
Stolen funds on the move
The attacker used the Jupiter aggregator to swap stolen assets into USDC before bridging them to the Ethereum mainnet via Wormhole and deBridge. On Ethereum, the exploiter has been heavily purchasing ETH, with one wallet flagged for holding nearly 20,000 ETH.
While the protocol’s insurance fund and dSOL assets remain safe, the team is warning users to revoke all smart contract permissions via tools in the Phantom wallet until a full patch is confirmed. This stands as the toughest test for Drift since its launch, as the community waits to see if stablecoin issuers like Circle can freeze the stolen funds before they disappear into mixers.
