April Fool's Joke? Drift Protocol Hacked for Over $280 Million, Potentially the Second Largest DeFi Heist in Solana Ecosystem
In a major security breach on April 1, Solana-based derivatives protocol Drift Protocol suffered an exploit resulting in over $280 million in losses, potentially making it the second-largest DeFi hack on Solana. The attack involved compromised admin keys, allowing the hacker to mint fake CVT tokens, manipulate oracles, and drain the treasury.
The attacker executed 11 large transactions, transferring assets including 51.61 million USDC, 125,000 WSOL, and 164,000 cbBTC, before bridging funds to Ethereum to acquire nearly 20,000 ETH. Drift’s treasury plummeted from $309 million to $41 million within minutes.
The protocol had recently updated to a 2/5 multi-signature wallet without a timelock, raising suspicions of insider involvement or private key leakage. Security firms like PeckShield pointed to admin key compromise as the likely cause rather than a smart contract bug.
Following the incident, DRIFT token fell over 38%, and SOL dropped nearly 5%. Multiple projects integrated with Drift were affected, with several pausing deposits, withdrawals, or trading. The scale of the attack highlights ongoing vulnerabilities in DeFi, particularly around operational and key management security. Users are advised to avoid interacting with Drift until a full investigation is complete.
Odaily星球日报04/02 04:14
