#DriftProtocolHacked Drift Protocol $285 Million Lock – What Happened and What Should You Do?
Dear friends,
On April 1, 2026, a major attack occurred on the Solana blockchain. The DeFi platform Drift Protocol had assets worth $285 million (2.85 billion dollars) stolen.
This is the largest DeFi hack of 2026 and the second-largest attack in Solana’s history.
Let’s explore the details – what happened, how it happened, and what you should do now.
What happened?
When did it happen? April 1, 2026 (April Fool’s Day) – Drift confirmed clearly that this was not a joke.
How much damage? Approximately $285 million (worth 12.9 million ETH).
What was stolen?
· JLP tokens – (Million)
· USDC – $155 Million+$51
· SOL – thousands of SOL
· cbBTC, wBTC, WETH, and several other meme coins
What happened to Drift Protocol?
· TVL (Total Value Locked) decreased from $550 Million to below $300 Million
· DRIFT tokens dropped over 50% – from $0.07 to $0.037
· Deposits and withdrawals were temporarily halted
How did the attack happen? (Attack Method – Step-by-step Details)
This was not a simple smart contract hack. It was an extremely sophisticated attack planned over several weeks.
Step 1: Create Fake Token (CVT)
The hacker created a fake token called "CarbonVote Token" (CVT). A total of 750 million units of this token were minted.
Step 2: Manipulate the price
The hacker provided liquidity only on Raydium and performed "wash trading" to make CVT’s price appear to be rising near the fake price. Oracles trusted this fake price.
Step 3: Gain admin access
Most importantly, Drift’s configuration was weak from the start:
· One week prior, Drift changed its multisig wallet
· New setup: 2/5 multisig – only 2 approvals needed to sign
· No timelock – no delay, 0 seconds
· Among the 5 signers, only 1 was an original member, the other 4 were new
The hacker managed to compromise two of the signers – possibly through leaked private keys, social engineering, or insider cooperation.
Step 4: Remove withdrawal limits
After gaining admin rights, the hacker raised withdrawal limits to an extremely high level. No limits remained.
Step 5: Send fake collateral
The hacker deposited 750 million CVT tokens at fake value – approximately $500 Million$1 Drift assets as collateral.
Step 6: Withdraw real assets
Using this fake collateral, the hacker executed 31 quick withdrawals – pulling out real assets like USDC, SOL, JLP, etc., within 12 minutes.
Step 7: Transfer the funds
The stolen assets were transferred by the hacker:
· First to USDC and SOL
· Then bridged via CCTP to the Ethereum blockchain
· Finally, purchased ETH – totaling around 129,000 ETH
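Steps 1, 2, 5 and 6 only work if the lending side accepts an oracle price from one thin venue at face value. The sketch below is an added example, not Drift's code: it caps collateral at a fraction of realizable exit liquidity and refuses assets without enough independent, organically traded venues. All thresholds, venue figures and the `organic_share` input are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import median


@dataclass
class Venue:
    name: str
    price: float          # last price in USD
    depth_usd: float      # USD realizable by selling into this venue within a slippage bound
    organic_share: float  # share of volume not attributed to self-trading (0..1)


def usable_collateral(amount, venues, min_venues=2, min_organic=0.5, depth_haircut=0.5):
    """Return (usable_usd, reasons). Thresholds are illustrative assumptions."""
    # Venues dominated by self-trading do not count as price sources.
    trusted = [v for v in venues if v.organic_share >= min_organic]
    if len(trusted) < min_venues:
        return 0.0, [f"{len(trusted)} trusted venue(s), need {min_venues}"]
    marked = amount * median(v.price for v in trusted)
    # Collateral can never be worth more than what could actually be sold.
    cap = depth_haircut * sum(v.depth_usd for v in trusted)
    if marked > cap:
        return cap, [f"marked value {marked:,.0f} capped at exit liquidity {cap:,.0f}"]
    return marked, []


# Constructed sample inputs (prices, depths and volume shares are not from the incident).
CVT_SINGLE = [Venue("Raydium", 1.00, 40_000, 0.05)]
CVT_TWO = [Venue("Raydium", 1.00, 40_000, 0.90), Venue("venue-b", 1.00, 10_000, 0.90)]
LIQUID = [Venue("venue-a", 150.0, 5_000_000, 0.95), Venue("venue-b", 151.0, 8_000_000, 0.97)]

if __name__ == "__main__":
    for label, amount, venues in [
        ("CVT, one wash-traded venue", 750_000_000, CVT_SINGLE),
        ("CVT, wash trading undetected", 750_000_000, CVT_TWO),
        ("liquid asset", 1_000, LIQUID),
    ]:
        print(label, usable_collateral(amount, venues))
```

Even when the wash trading goes undetected, the depth cap limits 750 million tokens to what the pools could actually absorb.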
Who was affected?
Platform/protocol status:
· Jupiter Exchange: Safe – JLP pool fully insured, platform unaffected
· Meteora: Safe – no interaction with Drift
· Perena: Safe – USD* products unaffected
· PiggyBank_fi: $750 exposure – compensated by group funds
· Ranger Finance: RGUSD paused – over $900k exposure
· Reflect Money: USDC+/USDT+ paused – insured
And more – Unitas Protocol is also safe.
What are the big questions? (The Big Questions)
Q1: Was this an external or internal hack (inside job)?
There is strong suspicion within the community of an "inside job." Why?
1. Suspicious timing – just a week before, the multisig wallet was changed
2. Too easy for an external hacker – admin access shouldn’t be that easy
3. The team’s reaction was very normal – too calm in the face of major damage
4. Funds were fully transferred out – moved to ETH, no risk of being locked on CEX
However, note that the rumor "team members resigned a month ago" is just on Twitter – no official confirmation yet.
Q2: Will the funds be recovered?
Unlikely. The funds have been transferred to ETH and dispersed across multiple wallets. Circle )USDC issuer$106k is accused of not locking funds.
ZachXBT (famous on-chain investigator) wrote:
“The stolen USDC millions were bridged while Circle remained stationary.”
Q3: Is North Korea involved?
Elliptic and some security firms suggest North Korean hackers (Lazarus Group) may be responsible. If true, recovery of funds is nearly impossible.
Quick summary table
Factor | Details
Funds lost | $285 Million (2.85 billion dollars)
Date | April 1, 2026
Blockchain | Solana (transferred to Ethereum)
Type of attack | Admin takeover + Oracle manipulation
Main targets | JLP, USDC, SOL, cbBTC
DRIFT token price drop | Over 50% ($0.07 to $0.037)
Current status | Deposit/withdrawal halted, under investigation
What should you do? (Action Plan for You)
If you are a Drift user:
1. Revoke all approvals from Drift
2. Follow official Drift channels for updates
3. Do not make new transactions until clear communication is provided
If you are a general crypto user:
1. Check your funds – on any protocol linked with Drift
2. Reduce leverage – markets are highly volatile
3. Follow news – this incident is a turning point in DeFi security
If you are a trader:
· Expect short-term volatility in DRIFT tokens
· Negative sentiment in the Solana ecosystem – be cautious
· Do not "buy the dip" until the investigation concludes
Final words
This hack serves as a warning to the DeFi industry:
"Access security > Source code security"
Meaning – no matter how strong your code is, if admin keys are compromised, everything ends. Multisig, timelocks, and proper signing practices are mandatory and non-negotiable.
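To make the multisig and timelock point concrete, here is an added example (not Drift's code) that models an admin-action gate and runs the 2/5, zero-delay setup described in Step 3 beside a hardened policy. The hardened values (3/5, 48-hour timelock, 30-day signer cooldown), the signer names and the choice of which two signers approve are constructed assumptions.

```python
from dataclasses import dataclass

DAY = 86_400


@dataclass(frozen=True)
class Policy:
    threshold: int          # approvals required
    timelock_s: int         # delay between queueing and execution
    signer_cooldown_s: int  # time a newly added signer waits before approvals count


def can_execute(policy, signers, approvals, queued_at, now):
    """signers maps name -> time added; approvals is a set of names. Returns (ok, reasons)."""
    reasons = []
    seasoned = {s for s in approvals
                if s in signers and now - signers[s] >= policy.signer_cooldown_s}
    if len(seasoned) < policy.threshold:
        reasons.append(f"{len(seasoned)} seasoned approval(s), need {policy.threshold}")
    if now - queued_at < policy.timelock_s:
        reasons.append(f"timelock: {policy.timelock_s - (now - queued_at)}s remaining")
    return not reasons, reasons


def audit(policy, n_signers):
    """Static findings for a policy, independent of any queued action."""
    findings = []
    if policy.threshold <= n_signers // 2:
        findings.append(f"{policy.threshold}/{n_signers} is below a majority")
    if policy.timelock_s == 0:
        findings.append("no timelock on admin actions")
    return findings


# Constructed scenario: 1 original signer, 4 added a week ago, 2 new signers approve.
NOW = 1_000 * DAY
SIGNERS = {"orig-1": NOW - 400 * DAY, **{f"new-{i}": NOW - 7 * DAY for i in range(1, 5)}}
APPROVALS = {"new-1", "new-2"}
WEAK = Policy(threshold=2, timelock_s=0, signer_cooldown_s=0)
HARDENED = Policy(threshold=3, timelock_s=2 * DAY, signer_cooldown_s=30 * DAY)

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(policy, len(SIGNERS)),
              can_execute(policy, SIGNERS, APPROVALS, queued_at=NOW, now=NOW))
```

Under the weak policy a limit change executes the moment two keys sign; under the hardened one the same two approvals are rejected and the queued action stays visible for the whole delay.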
The future of Drift Protocol remains uncertain. If funds are not recovered, it could lead to bankruptcy, lawsuits, or closure.
What do you think now?
Do you believe this was an external or internal hack?
And have you ever held funds on DeFi protocols?
Share your comments!