Solana DeFi Platform Drift Suffers Massive $270M Exploit, Halts Operations

Solana’s prominent decentralized finance (DeFi) platform, Drift Protocol, has confirmed a significant security breach, resulting in an estimated loss of at least $200 million, with some projections indicating the figure could surge to $270 million. In the early hours of today, April 2nd, Drift issued an urgent alert, acknowledging an ongoing attack and promptly suspending all deposit and withdrawal functionalities across its platform.

The platform took to its official X (formerly Twitter) account to inform its community, stating: “We have detected abnormal activity within the protocol and are currently investigating. Please refrain from depositing funds into the protocol during this investigation. This is not an April Fools’ joke. We urge everyone to remain vigilant and await further notifications.”

Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke. We’ll provide additional updates from this account as… https://t.co/03SRPq4fHj

— Drift (@DriftProtocol) April 1, 2026

Immediate Response and Community Impact

Drift emphasized that its team is actively collaborating with multiple cybersecurity firms, cross-chain bridges, and major cryptocurrency exchanges in a concerted effort to contain the incident and minimize further losses. The news rapidly reverberated through the crypto community, with several users reporting unusual positions and anomalies within their accounts.

According to the Rekt leaderboard, this exploit could mark the second-largest security incident in the Solana ecosystem’s history, surpassed only by the infamous Wormhole cross-chain bridge hack, which saw $326 million stolen.

Hacker’s Modus Operandi and Stolen Assets

On-chain data reveals that the attackers primarily targeted several key liquidity pools on the Drift platform, including JLP Delta Neutral, SOL Super Staking, and BTC Super Staking. A single transfer alone involved 41.7 million JLP tokens, valued at approximately $155 million. Other assets pilfered in the attack include SOL, USDC, cbBTC, and wBTC.

In the wake of the attack, Drift Protocol’s native token, $DRIFT, experienced a precipitous decline, plummeting over 38%. At the time of writing, its price was oscillating around the $0.04 mark.

Further analysis by Arkham data indicates that over $250 million in assets were initially transferred from Drift to an intermediary wallet, subsequently dispersed across numerous different addresses. Lookonchain’s monitoring further detailed the attacker’s actions: the stolen assets were converted to USDC via Jupiter, then bridged to the Ethereum network, where they were ultimately used to acquire Ethereum (ETH).

As of the latest updates, the hacker has successfully consolidated all stolen funds into 129,066 ETH, amounting to approximately $273 million.

Update:

The @DriftProtocol exploiter has now swapped all stolen assets ($270M+) into 129,066 $ETH($273M).https://t.co/ZKbh8J7jRRhttps://t.co/PElnow6rq2 pic.twitter.com/FQTcmtBm1b

— Lookonchain (@lookonchain) April 2, 2026

About Drift Protocol and Investigation Status

Drift is recognized as an open-source decentralized exchange, particularly noted for its perpetual futures trading capabilities, making it a cornerstone infrastructure within the Solana ecosystem. Prior to the incident, DeFiLlama data reported Drift’s Total Value Locked (TVL) exceeding $530 million. Following the exploit, its TVL has sharply declined to $252 million.

SolScan data indicates that the primary attacker’s wallet address (beginning with HkGz4Kmo) was seemingly created approximately nine days prior to the attack. It reportedly engaged in transactions on OKX and Jupiter before remaining dormant, only to become active again yesterday, April 1st.

Drift Protocol has assured its community that it will continue to provide timely updates on the investigation’s progress through its official X account.