Drift Protocol Hit by $285M Exploit in 2026’s Largest DeFi Breach
Solana-based decentralized finance platform Drift Protocol confirmed it is undergoing an “active attack” on Wednesday, April 1, 2026. This confirmation came after blockchain analysts detected approximately $285 million in unauthorized withdrawals from the protocol’s vaults.
The exploit, which the company emphasized was “not an April Fools joke,” stands as the largest DeFi hack of 2026 to date. The attack initiated around 4 PM UTC when suspicious transactions relocated massive quantities of USDC, SOL, wrapped Bitcoin, and other tokens to a single wallet address. In response, Drift immediately suspended all deposits and withdrawals and collaborated with security firms, bridges, and exchanges to manage the incident.
As per blockchain security researchers, the attacker exploited governance controls and oracle price feeds rather than a complex code vulnerability. The breach reportedly involved a compromised admin key and manipulated withdrawal limits. Independent researchers confirmed the attack leveraged a multisig migration that had been altered to 2/5 without a timelock weeks earlier.
The total value locked in Drift Protocol plummeted from approximately $550 million to under $300 million in less than an hour. The platform’s native DRIFT token experienced a drop of more than 40% during the incident. Multiple other Solana protocols with exposure to Drift liquidity either paused operations or assessed losses, with some promptly reimbursing users from team funds.
The stolen funds were converted into USDC and SOL, then partially bridged to Ethereum using Circle’s Cross-Chain Transfer Protocol. Subsequently, portions were converted into ETH and moved through centralized exchanges.
Source: Yahoo Finance