On April 1, the DeFi platform Drift Protocol on Solana fell victim to a hacking attack, resulting in the theft of at least $280 million.
We are observing unusual activity on the protocol. We are currently investigating. Please do not deposit funds into the protocol while we investigate. This is not an April Fools joke. Proceed with caution until further notice. We’ll provide additional updates from this account.
— Drift (@DriftProtocol) April 1, 2026
“We see unusual activity and are currently investigating. Please do not deposit any funds on the platform. This is not an April Fools joke. Be cautious until further notice,” the project team stated.
Timeline
According to developers, the hacker had been preparing for the operation for several days. On March 23, they created four wallets with a delayed transaction mechanism (durable nonces). Two of these wallets were linked to members of the Drift Security Council, while the other two were under the hacker's control.
Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers.
— Drift (@DriftProtocol) April 2, 2026
This was a highly sophisticated operation that appears to have involved…
At least two of the five signers approved transactions from these wallets. Developers suspect the hacker employed complex social engineering techniques.
Days later, the project conducted a scheduled rotation in the Council. In response, on March 30, the hacker created a new wallet for the updated multi-signature setup.
The attack occurred on April 1. Initially, the Drift team executed a legitimate test withdrawal from the insurance fund. About a minute later, the hacker activated two pre-signed transactions. One created and approved a malicious transfer of rights, while the other executed it.
Consequences
The attack affected all types of deposits—loans, trading, and those in storage. DSOL tokens outside the Drift ecosystem and the Insurance Fund remained untouched. For security reasons, the protocol froze other functions, updated the multi-signature, and removed the compromised wallet.
The project is currently collaborating with cybersecurity experts, cross-chain bridges, exchanges, and law enforcement to track and block the stolen funds.
Among the stolen assets were wrapped versions of Bitcoin, Jito tokens, the meme coin Fartcoin, other altcoins, and stablecoins pegged to the US dollar, euro, and Japanese yen. After the theft, the hacker distributed the funds across several wallets.
Assets stolen in dollars:
— Vladimir S. | Officer's Notes (@officer_secret) April 1, 2026
$5.3M USDS
$60.4M USDC
$5.65M USDT
$430K JUP
$540K USDY
$590K ZBTC
$680K EURC
$1M BSOL
$2.5M INF
$2M MSOL
$3.3M SYRUPUSDC
$4.1M FARTCOIN
$4.4M WBTC
$3.6M JITOSOL
$4.7M WETH
$4.5M DSOL
$11.3M CBBTC
$155.6M JPL
In the wake of the incident, the native token of the protocol, DRIFT, plummeted nearly 37% from $0.07 to $0.04. Its market capitalization nearly halved from $41 million to $25 million.
Source: CoinGecko.The TVL of Drift remains around $245 million.
Source: DefiLlama.Users are skeptical about the project's recovery prospects post-hack. Statistics suggest that major attacks are considered a “death sentence” for 80% of protocols. The incident with Drift will be among the largest in the industry.
I think Drift just… dies here?
— Eddie (@DancingEddie_) April 1, 2026
ByBit was able to get a billion dollar loan immediately after their hack because their yearly revenue numbers justified it
Drift doesn't make nearly enough money for a company/bank to comfortably underwrite a loan to fill the hole here.
rip :/ pic.twitter.com/RsKoGYRZlU
“I think Drift just… dies here? Bybit was able to secure a billion-dollar loan immediately after their hack because their annual revenue justified such amounts. Drift, however, doesn’t earn enough for any company or bank to comfortably underwrite a loan to cover such a gap,” a community member named Eddie commented.
Circle Controversy
Members of the crypto community criticized Circle, the company behind USDC, for its slow response to the Drift hack. Delphi Digital co-founder Tommy Shaughnessy stated that the issuer failed to promptly freeze the funds associated with the attack.
Circle not freezing the USDC is hilarious because we know it’s centralized but they’re like nah, we’ll let the money freely flow to North Korea
— Tommy (@Shaughnessy119) April 2, 2026
I like USDC since it’s a programmable stablecoin for all of DeFi and enables innovation
But we can freeze the money flowing to NK
“The situation where Circle did not freeze USDC is absurd. Everyone knows the stablecoin is centralized, yet the company seems to allow funds to flow freely—even to North Korea,” he remarked.
On-chain detective ZachXBT echoed similar sentiments, emphasizing that the hacker transferred hundreds of millions of dollars from Solana to Ethereum during US business hours, and Circle did nothing to intervene.
Circle was asleep while many millions of USDC was swapped via CCTP from Solana to Ethereum for hours from the 9 figure Drift hack during US hours.
— ZachXBT (@zachxbt) April 2, 2026
Value was moved and nothing was done yet again.
Comes days after you froze 16+ business hot wallets incompetently which is still… pic.twitter.com/T0Xwg1HIfO
As of the time of writing, the company had still taken no action.
Recall that at the end of March, ZachXBT accused Circle of mistakenly freezing 16 wallets.