Solana-Based Drift Protocol Suffers $285M Hack, | Solana News

Solana-based Drift Protocol has suffered the most important exploit of 2026 thus far, shedding almost $300 million in a “highly sophisticated operation” that has raised issues concerning the growing risk of human-targeted assaults within the crypto space.

Related Reading

Solana DEX Loses $285M On April Fool’s Day

On Wednesday, Solana-based decentralized exchange (DEX) Drift Protocol was the sufferer of an exploit that stole a whole lot of tens of millions of {dollars} from its vaults. After online studies flagged uncommon on-chain exercise yesterday afternoon, Drift’s official channels confirmed the assault, shortly suspending deposits and withdrawals.

According to studies, the assault lasted much less than 20 minutes and stole round $285 million in a number of property, together with USDC, JPL, USDT, JUP, USDS, WBTC, and WETH, from almost 20 vaults. This marks the most important crypto exploit of 2026 thus far, and one of the most important hacks within the industry, simply above WazirX’s $235 million hack.

The hack worn out half of the Solana-based project’s complete worth locked (TVL), which fell from roughly $550 million to $252 million, per DeFiLlama knowledge. Drift protocol’s token, DRIFT, additionally plunged, retracing almost 40% over the previous 24 hours.

Within hours, the exploiter had swapped $270.9 million into USDC, bridged them from Solana to Ethereum by way of the CCTP TokenMessengerMinterV2, and bought 129,000 ETH, splitting them throughout a number of wallets.

In a Thursday post, Drift shared the main points of the incident, affirming that “a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers.”

Solana’s sturdy nonces are an superior mechanism that enables transactions to bypass the standard short expiration date of common transactions. This permits customers to pre-sign transactions for future execution, offline signing, or complicated multisig workflows.

“This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution,” the post continued.

Malicious Actors Targeting Humans, Not Smart Contracts

The Solana-based DEX emphasised that the exploit was not the end result of a bug in Drift’s applications or sensible contracts, noting that they discovered no proof of compromised see phrases both.

“The attack involved unauthorized or misrepresented transaction approvals obtained prior to execution, likely facilitated through durable nonce mechanisms and sophisticated social engineering,” the project underscored.

Lily Liu, President of the Solana Foundation, addressed the incident, asserting that it’s a blow to the entire Solana ecosystem. Liu identified that “Smart contracts held up. The real targets now are humans: social engineering and opsec weaknesses more than code exploits.”

Related Reading

Ledger CTO Charles Guillemet linked Drift’s assault technique to Bybit’s $1.4 billion hack, which was attributed to North Korean hacking teams. As he defined, the attackers probably compromised a number of machines belonging to multisig signers by means of long-term infiltration and misled operators into approving the malicious transactions.

This modus operandi is just like the Bybit hack final 12 months, broadly attributed to DPRK-linked actors. The sample is turning into acquainted: affected person, refined supply-chain-level compromise focusing on the human and operational layer, not the sensible contracts themselves.

Guillemet affirmed that the incident is “yet another wake-up call for the industry” to raise the bar on security. “Ultimately, security is not just about code audits. It’s about giving operators and users the right information at the right time, so they can make informed decisions about what they sign,” he concluded.

Featured Image from Unsplash.com, Chart from TradingView.com