Drift Protocol suffered an ongoing attack against all its vaults, with over $270M feared stolen within an hour

---

---

Drift Protocol shows on-chain data of suspicious transactions of around $200M. The latest Web3 attack arrives after several slow weeks with smaller exploits. 

Solana on-chain data showed large-scale outflows from Drift Protocol, one of the leading decentralized exchanges on Solana. The losses spanned multiple tokens, for an estimated loss of over $200M. 

Solana influencer Mert Mumtaz noticed the exploit, calling for further research and possible cooperation in intercepting the assets. 

hello someone from circle reach out asap, seeing high likelihood of a potentially large exploit

— mert (@mert) April 1, 2026

Since Drift Protocol is a DEX, multiple assets may be affected. About an hour after the attack, Drift Protocol had lost nearly 50% of its liquidity, or around $270M. 

What caused the Drift Protocol loss? 

The exploit was intercepted within the first hour, showing a series of suspicious transactions. The latest transfer was for 10,000 SOL sent to a new wallet. Drift protocol confirmed the exploit, calling users not to deposit funds and to stop trading. The team did not explain how it would stop the attack, but for now, Phantom Wallet has stopped access to the protocol.  

We are observing unusual activity on the protocol. We are currently investigating. Please do not deposit funds into the protocol while we investigate. This is not an April Fools joke. Proceed with caution until further notice. We’ll provide additional updates from this account.

— Drift (@DriftProtocol) April 1, 2026

The losses came in a series of transactions originating from a single Drift Protocol account, potentially signaling that a user had full control of assets. The outgoing transactions included SOL, JitoSOL, WETH, FARTCOIN, USDC, SyrupUSDC, and other assets. Some of the stolen assets, like cbBTC, may be frozen by the issuer if intercepted on time before swapping. 

The attack was ongoing, constantly adding new assets supported by Drift, including JLP, over $2M in mSOL, INF, dSOL, and other tokens. The exploiter also took a little over 282 BTC and minted a new token to taunt Drift Protocol.

Some of the funds were sent to ChainFlip and swapped into USDC, a token that could hypothetically be frozen if Circle reacted on time. Some of the funds were sent to Ethereum wallets, potentially ready to be mixed and obscure their tracks. Funds are also moving to Raydium, Orca, Meteora, and other intermediary wallets.

Drift Protocol may be the biggest Web3 attack of this crypto cycle

The DEX hack is even bigger than the $60M exploit of Cetus Protocol in the summer of 2025. Cetus Protocol ended up losing over $223M. Before the exploit, Drift Protocol held over $550M in total value locked, becoming an attractive target for Web3 hackers. The protocol also carried nearly $70M in daily perpetual futures trading. 

The attack has the potential to become the most serious Web3 event in the past two years, surpassing other similar exploits. The exploit follows the usual practice of moving and swapping assets quickly, instead of leaving them in intermediary wallets. The exploiter was prepared eight days before the exploit, using multiple Web3 assets, including the Wormhole bridge. 

so, drift protocol vault was drained and I found some interesting things onchain:

drainer [ HkG…ZES ] was funded 8 days ago via near intents, but was inactive and suddenly received huge amounts from drift vault (a)

drainer transferred/swapped the amount to launderer [… pic.twitter.com/aheY3PHx3t

— aryan | (@_0xaryan) April 1, 2026

The attack targeted Solana just as it emerged as the leading DEX destination for token trading and perpetual futures. The event also resolved a Polymarket pair predicting another large-scale crypto hack above $100M by the end of the year. 

After the hack, the protocol turned out to lack a Certik audit and to have some governance vulnerabilities. While the audit is not a guarantee, it may remove obvious exploit points. On-chain researchers noticed a test transaction a week before the true exploit, signaling the attacker was aware of the protocol’s weak points. 

Drift Protocol’s native DRIFT token fell by 10% in the first hours after the hack, down to $0.059. The attacker controls 2.5% of the FARTCOIN supply and may also crash the price of other assets. The wrapped BTC and ETH may also cause disparities with the main asset, affecting other protocols as well.

Despite the slower Web3 activity, protocols remain attractive for exploits, with multiple techniques, including supply chain attacks. In the initial stage of the exploit, the exact cause of the hack and the ability of the exploiter to empty multiple liquidity vaults remain without a clear explanation. 

The smartest crypto minds already read our newsletter. Want in? Join them.