Drift Protocol Hack Drains $285M, Hitting Solana DeFi Hard

• Drift exploit drained $285M via admin control, causing TVL drop, token crash, and halted activity across Solana DeFi.

• Attack used oracle manipulation and weak governance to inflate collateral and withdraw real assets fast.

• Funds moved cross-chain to Ethereum, complicating recovery as investigations and law enforcement efforts continue.

A sudden exploit at Drift Protocol on April 1, 2026, wiped out about $285 million and rattled Solana’s DeFi sector within minutes. Attackers seized admin control, drained vault funds, and triggered sharp declines in trading activity, open interest, and total value locked, forcing multiple platforms to halt operations and assess exposure.

Exploit Triggers Fast Market Pullback

Drift Protocol confirmed the attack shortly after unusual on-chain activity surfaced. The team quickly suspended deposits and withdrawals to contain the breach. However, the damage had already spread across the ecosystem.

Within an hour, Drift’s total value locked dropped from roughly $550 million to below $300 million. At the same time, the DRIFT token fell more than 40%. Consequently, traders reduced activity across Solana-based DeFi platforms.

Several connected protocols reacted immediately. PiggyBank_fi covered about $106,000 in exposure using internal funds. Meanwhile, Reflect Money paused minting and redemptions, while Ranger Finance halted key functions due to potential losses.

Attack Exploited Governance and Pricing Gaps

Investigators later detailed how the attacker executed the exploit. According to on-chain data, the breach combined a compromised admin key, manipulated oracle pricing, and weak governance controls.

The attacker created a token called CarbonVote Token and inflated its value using wash trading. Over time, price oracles picked up the artificial valuation, treating it as legitimate market data.

On April 1, the attacker listed the token on Drift using admin privileges. They then raised withdrawal limits and deposited inflated collateral. This allowed rapid borrowing of real assets.

In about 12 minutes, the attacker completed 31 withdrawals, draining USDC, SOL, and other assets. Notably, the system required only two of five signers and lacked a timelock.

Funds Moved Quickly Across Chains

After the exploit, the attacker converted assets into USDC and moved funds off-chain. Blockchain records show transfers to Ethereum using Circle’s Cross-Chain Transfer Protocol.

On Ethereum, portions were swapped into ETH, while others passed through exchanges. This movement complicated tracking and recovery efforts.

Meanwhile, investigator ZachXBT criticized Circle’s response. He noted that large USDC transfers occurred during U.S. hours without being frozen. Drift’s team continues working with law enforcement and security partners as investigations proceed.