Drift Protocol has halted deposits and withdrawals after confirming it is experiencing an active attack, with early estimates suggesting losses could reach hundreds of millions of dollars.
The protocol disclosed the incident in a public update on 1 April, stating that it is coordinating with security firms, bridges, and exchanges to contain the situation.
“This is not an April Fools joke,” the team said, adding that further updates will follow as the investigation develops.
Estimated losses near $285m as breakdown emerges
Blockchain security firm PeckShield estimated the initial losses at around $285m, based on early on-chain analysis.
A breakdown shared by the firm suggests the exploit spans multiple assets, including:
- $71.4m in USDC
- $159.3m in JLP
- Smaller amounts across USDT, WETH, wrapped BTC, and Solana-based assets
While the figures remain preliminary, the scale places the incident among the larger DeFi exploits in recent months.
Funds begin moving across wallets
Separate on-chain tracking indicates that the attacker has already begun moving funds across multiple wallets. This is a pattern typically associated with attempts to obscure transaction trails.
Initial flows suggest assets are being split and transferred through different addresses, with some movements potentially involving cross-chain bridges. This behavior is consistent with past exploits where attackers rapidly redistribute funds to reduce traceability and recovery risk.
At the time of writing, there has been no confirmed recovery of funds.
Unverified reports point to potential exploit mechanism
Unconfirmed reports circulating on social media suggest the attacker may have gained access to a privileged administrative key, allowing them to modify protocol parameters.
According to these accounts, the attacker allegedly manipulated collateral settings, inflated the value of a low-liquidity asset, and used it to borrow higher-value tokens before draining liquidity from the system.
However, these claims remain unverified, and Drift Protocol has not confirmed the attack vector.
A growing pattern of complex DeFi exploits
The incident adds to a broader trend of increasingly sophisticated exploits targeting decentralized finance protocols, where vulnerabilities often extend beyond simple smart contract bugs.
In several recent cases, attackers have exploited governance controls, oracle mechanisms, or internal parameter systems rather than purely external vulnerabilities.
If confirmed, the suspected method in this case would reflect a similar pattern, highlighting how complex protocol design and privileged access controls can introduce new risk surfaces.
Investigation ongoing
Drift Protocol said it is working with multiple partners to investigate the breach and contain further damage. No timeline has been provided for restoring normal operations.
The full scope of the exploit, including the exact attack vector and potential recovery efforts, remains unclear.
Final Summary
- Drift Protocol has paused operations following an active attack, with early estimates placing losses at around $285m.
- While funds are already being moved on-chain, the exact exploit method remains unconfirmed as investigations continue.
