Drift Protocol Loses $285 Million in Sophisticated DeFi Exploit
Summary
Solana-based decentralized exchange Drift Protocol suffered a $285 million exploit on April 1, 2026, making it the largest crypto hack of the year. The attack combined oracle price manipulation, a compromised admin key, and social engineering of multisig signers. North Korean hackers are suspected to be responsible.
Threat Analysis
On April 1, 2026, Drift Protocol — a prominent Solana-based decentralized perpetuals exchange — lost approximately $285 million in user assets in a sophisticated multi-vector attack. This is the largest crypto exploit of 2026 and the second-largest in Solana history.
Attack Mechanism: The attacker created a fake token "CarbonVote Token" (CVT) weeks prior, using wash trading to artificially inflate its price history. On the attack day, a compromised admin key was used to list CVT as a valid market on Drift while withdrawal limits were raised to extreme levels. The attacker deposited hundreds of millions of CVT tokens as collateral, exploiting manipulated oracle prices to drain real assets (USDC, SOL, JLP) through 31 rapid withdrawals in ~12 minutes.
Social Engineering Component: Between March 23-30, the attacker used social engineering to persuade Drift Security Council multisig signers to pre-sign transactions containing hidden authorizations for critical administrative actions.
Impact: Drift's TVL dropped from ~$550M to under $300M within an hour. The DRIFT token fell over 40%. Multiple connected Solana protocols reported exposure.
Suspected Attribution: TRM Labs investigation suggests North Korean state-sponsored hackers are likely responsible.
Recommended Actions: DeFi protocols should implement timelocks on governance changes, require multi-party review of admin key operations, and conduct regular security audits of oracle integrations.