Drift Protocol, one of the leading perpetual decentralized exchanges (DEX) on Solana, was reportedly exploited on April 2, 2026, with total estimated damages exceeding $270 million. According to on-chain data, this amount is equal to more than 50% of the protocol’s total value locked (TVL), marking one of the largest exploits on Solana.
What happened
The first signs emerged when on-chain data recorded unusual capital outflows from Drift Protocol’s vaults within a very short timeframe. Several large transactions were executed consecutively, all directed to a single wallet address: HKgZ4K.
In a post last night, Drift Protocol confirmed that the platform is facing an ongoing attack and has temporarily suspended essential operations to limit damage.
Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We’re coordinating with multiple security firms, bridges, and exchanges to contain the incident. This isn’t an April Fools joke. We’ll provide additional updates from this account as… https://t.co/03SRPq4fHj
— Drift (@DriftProtocol) April 1, 2026
Messages from the team indicate that the incident was detected almost in real time, as deposit and withdrawal activity was immediately halted, and the project began coordinating with various stakeholders to control the situation.
Initial reports did not clarify the specific cause of the incident. According to the latest update on X, Drift Protocol stated that the attack did not stem from a smart contract bug, but was related to the attacker gaining unauthorized access to the governance system through Solana’s “durable nonce” mechanism.
Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers.
This was a highly sophisticated operation that appears to have involved…
— Drift (@DriftProtocol) April 2, 2026
According to the project, the attacker used pre-signed transactions combined with gathering sufficient signatures from the multisig to execute a malicious admin rights transfer, thereby gaining control over protocol-level permissions. This process is believed to have been prepared for weeks and executed in just minutes.
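A defender-side check for the mechanism described above, as an added example that is not code from Drift or from the original article: a Solana transaction that uses a durable nonce must begin with a System Program `advanceNonce` instruction, and its signatures stay valid until that nonce is advanced, so pre-signed approvals do not expire the way blockhash-based ones do. The sketch flags durable-nonce transactions that invoke a watched governance program at the top level; the program ID, account names and sample records are constructed placeholders, and the record shape assumes the `getTransaction` RPC response with `jsonParsed` encoding.

```python
SYSTEM_PROGRAM = "11111111111111111111111111111111"
# Assumption: replace with the program IDs of your own multisig/admin programs.
WATCHED_PROGRAMS = {"MULTISIG_PROGRAM_PLACEHOLDER"}

def durable_nonce_info(tx):
    """Return (nonce_account, nonce_authority) for a durable-nonce tx, else None."""
    # Such a tx must start with a System Program advanceNonce instruction; its
    # blockhash field holds the stored nonce, so signatures do not expire.
    instructions = tx["transaction"]["message"]["instructions"]
    if not instructions:
        return None
    first = instructions[0]
    parsed = first.get("parsed")
    if first.get("programId") != SYSTEM_PROGRAM or not isinstance(parsed, dict):
        return None
    if parsed.get("type") != "advanceNonce":
        return None
    info = parsed.get("info", {})
    return info.get("nonceAccount"), info.get("nonceAuthority")

def review(tx, watched=WATCHED_PROGRAMS):
    """Return an alert when a durable-nonce tx invokes a watched program (top level only)."""
    nonce = durable_nonce_info(tx)
    if nonce is None:
        return None
    rest = tx["transaction"]["message"]["instructions"][1:]
    hits = sorted({ix.get("programId") for ix in rest} & set(watched))
    if not hits:
        return None
    return {"signature": tx["transaction"]["signatures"][0],
            "nonce_account": nonce[0], "nonce_authority": nonce[1], "programs": hits}

def _tx(sig, instructions):
    return {"transaction": {"signatures": [sig], "message": {"instructions": instructions}}}

# Constructed sample records (placeholders, not real on-chain data).
ADVANCE = {"programId": SYSTEM_PROGRAM, "program": "system",
           "parsed": {"type": "advanceNonce",
                      "info": {"nonceAccount": "NONCE_ACCT_PLACEHOLDER",
                               "nonceAuthority": "AUTHORITY_PLACEHOLDER"}}}
ADMIN_IX = {"programId": "MULTISIG_PROGRAM_PLACEHOLDER", "accounts": [], "data": ""}
TRANSFER = {"programId": SYSTEM_PROGRAM, "program": "system",
            "parsed": {"type": "transfer", "info": {}}}
SAMPLES = [
    _tx("SIG_A", [ADVANCE, ADMIN_IX]),  # durable nonce + admin action: alert
    _tx("SIG_B", [ADMIN_IX]),           # ordinary blockhash, expires normally
    _tx("SIG_C", [ADVANCE, TRANSFER]),  # durable nonce, no watched program
]
ALERTS = [a for a in map(review, SAMPLES) if a]
```

Inner (CPI) instructions are not inspected here; a production monitor would also walk `meta.innerInstructions` and track which nonce accounts a signer's key has authority over.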
Fund Flow & Stolen Assets
Similar to previous large-scale DeFi exploits, the attacker executed large transactions continuously within minutes.
The Drift Protocol exploiter is swapping the $270M+ stolen assets into $USDC, then bridging to #Ethereum to buy $ETH. 🚨
So far, they’ve bought 19,913 $ETH ($42.6M). https://t.co/I0kfOvxqRp https://t.co/C5nLmNfYsM pic.twitter.com/WesXqfQnsn
— Lookonchain (@lookonchain) April 1, 2026
Specifically, after withdrawing assets from Drift Protocol, the majority of the funds were quickly converted into USDC before being bridged from Solana to Ethereum and subsequently used to purchase ETH. According to Lookonchain, the attacker bought roughly 19,913 ETH (equivalent to about $42.6 million) in the initial stage, then continued to accumulate. Currently, the exploiter’s wallet has nearly completed the conversion of all stolen assets to Ethereum, holding roughly 130,000 ETH, valued at over $270 million.
Drift Protocol appears to have been exploited, with over $270M in assets suspiciously transferred to wallet HkGz4K. 🚨
This is crazy! https://t.co/iWVPzvDDhx pic.twitter.com/AQCa5q4b3M
— Lookonchain (@lookonchain) April 1, 2026
Notably, about $155 million in JLP, the token representing the system’s liquidity, was part of the total $270 million stolen, indicating that the exploit directly impacted Drift’s core liquidity structure.
Impact: TVL, Price & Users
Drift Total Value Locked chart. Source: DeFiLlama
Before the incident, Drift Protocol’s TVL fluctuated between $500M and $600M. After the exploit, this figure plummeted to roughly $252 million, representing a decline of over 50%. This trend not only reflects the assets directly withdrawn by the attacker but also shows that the remaining capital is leaving the protocol as cautious sentiment grows.
DRIFT price chart (4H). Source: TradingView
Along with the drop in liquidity, the DRIFT token reacted negatively almost immediately, falling about 15%–20% shortly after news of the exploit spread, down to around the $0.45–$0.50 range.
Recently, Drift Protocol stated that deposits related to borrowing, lending, vaults, and trading activities may all be affected. However, the specific scale of damage for each user group has not yet been announced in detail.
What’s Next
Currently, fund-tracking efforts are focused on the address HKgZ4K on Ethereum, where the bulk of the assets were moved following the exploit.
However, the history of DeFi hacks suggests that the likelihood of asset recovery is often quite low, especially once the attacker has completed the conversion and dispersed the assets through multiple steps.
Drift Protocol stated they are coordinating with security firms, bridges, exchanges, and authorities to track and attempt to freeze the stolen assets.
This event once again shows that security risk remains one of the biggest issues for DeFi, especially as systems become increasingly complex and cross-chain connectivity expands.








