April 2, 2026

Once again, something happened on the chain. Today, the perpetual and lending platform Drift on the SOL chain was hacked, with approximately $250 million worth of assets transferred. It appears to be a planned hacking event that lasted over 20 days, and the attacker is suspected to have North Korean connections. When I first started using the Drift platform, I played quite a bit. At that time, it was quite good for arbitrage and fee farming on the platform. The most funds accumulated was during the surge of Dogecoin, which was about two years ago. However, since there was no longer any arbitrage space for fees later on, my demand for pure contract trading was limited. Plus, with the emergence of new perpetual contracts like HYPE, I gradually withdrew all my funds. It was a close call, but no serious loss.

According to analysis, this was an attack targeting the lending system. In simple terms, the attacker manipulated the contract's control permissions, using a worthless fake coin A as collateral, then borrowed out all the valuable assets in the vault such as JLP, ETH, USDC, etc. Finally, through cross-chain transfers, coin washing, and other operations, they completed the complete transfer of funds. Because this attack involved a leaked management private key, it suggests at least social engineering phishing. Additionally, since the core team members just resigned last month, combined with the sharp decline in market returns during the bear market, there is suspicion that this could involve "insider theft."

Since DeFi Summer, on-chain entrepreneurship has always been a hot topic, but various projects have also been repeatedly hacked, especially lending platforms. The $250 million theft from Drift is a significant amount, and this amount also