Drift Protocol drained
What happened
Solana’s Drift Protocol was exploited on April 1 with on-chain trackers showing roughly $200–$285M drained in minutes — the largest DeFi hack reported so far in 2026. The attack forced Drift to halt deposits and prompted public confirmations from market players that they had no exposure to the platform as investigations and potential compensation talks begin. (decrypt.co) (globenewswire.com)
Why it matters
On-chain trackers first pointed to a single attacker-controlled wallet labeled "HkGz4K," with analytics firms reporting suspicious transfers in the $270M–$285M range into that address on April 1, 2026. (lookonchain.com)
Forensic reporting shows the exploit used compromised administrative signing flows and durable nonce pre-signed transactions to gain effective multisig control, with traces of the attacker creating durable nonce accounts in late March before executing the drain on April 1. (4pillars.io)
The attacker converted large portions of the proceeds into USDC and routed them cross‑chain via Circle’s CCTP into Ethereum, with multiple on‑chain observers quantifying more than $230M bridged and roughly 129,000 ETH equivalents moved during the exit. (kucoin.com)
Market data show immediate on‑chain fallout: protocol TVL collapsed from the low‑$300M range to single‑digit tens of millions within hours, and the DRIFT token plunged roughly 35–37% after the exploit alerts. (kucoin.com)
Mainstream and institutional actors assessed their exposure rapidly: DeFi Development Corp. (Nasdaq: DFDV) issued a Globe Newswire statement on April 1, 2026 confirming it held no exposure to Drift. (marketchameleon.com)
Prominent on‑chain investigators including ZachXBT publicly criticized Circle for not freezing CCTP mints during the multi‑hour movement window, sparking renewed scrutiny of centralized bridge controls after the stolen USDC flowed across chains. (finance.yahoo.com)
Security firms PeckShield and SlowMist flagged the incident early, with Bloomberg reporting PeckShield’s involvement and other analytics groups identifying an initial large JLP withdrawal that preceded the cascading vault drains. (bloomberg.com)
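
The durable nonce pre-signing described in the forensic reporting above can be checked for on the defender's side. A durable-nonce transaction stays valid until its nonce account is advanced, so a signature collected weeks earlier can still execute. The sketch below is an added example, not code from Drift or the cited reports: it gates admin signatures on an allowlist of nonce accounts and, in review, measures the gap between nonce-account creation and use. The record shape, signer names, allowlist and sample data are constructed assumptions.

```python
import struct

SYSTEM_PROGRAM = "11111111111111111111111111111111"
ADVANCE_NONCE, INITIALIZE_NONCE = 4, 6  # SystemInstruction enum indices (u32 LE prefix)
# Constructed placeholders (assumptions), not addresses from the incident.
ADMIN_SIGNERS = {"ADMIN_KEY_A", "ADMIN_KEY_B"}
APPROVED_NONCE_ACCOUNTS = {"OPS_NONCE_1"}

def system_kind(ix):
    """Return the System Program instruction index, or None for other programs."""
    if ix["program_id"] != SYSTEM_PROGRAM or len(ix["data"]) < 4:
        return None
    return struct.unpack_from("<I", ix["data"])[0]

def durable_nonce_account(tx):
    """A durable-nonce transaction carries AdvanceNonceAccount as instruction 0."""
    ixs = tx["instructions"]
    if ixs and system_kind(ixs[0]) == ADVANCE_NONCE:
        return ixs[0]["accounts"][0]  # account 0 is the nonce account
    return None

def signing_policy(tx):
    """Signer-side gate: deny admin signatures on unapproved durable-nonce transactions."""
    nonce = durable_nonce_account(tx)
    risky = nonce and nonce not in APPROVED_NONCE_ACCOUNTS and ADMIN_SIGNERS & set(tx["signers"])
    return "deny" if risky else "allow"

def review(txs):
    """Retrospective pass: pair each flagged execution with the nonce account's age."""
    created, findings = {}, []
    for tx in sorted(txs, key=lambda t: t["time"]):
        for ix in tx["instructions"]:
            if system_kind(ix) == INITIALIZE_NONCE:
                created[ix["accounts"][0]] = tx["time"]
        if signing_policy(tx) == "deny":
            nonce = durable_nonce_account(tx)
            findings.append((tx["sig"], nonce, tx["time"] - created.get(nonce, tx["time"])))
    return findings

def sys_ix(kind, *accounts):
    """Build a constructed System Program instruction record for the sample."""
    return {"program_id": SYSTEM_PROGRAM, "accounts": list(accounts), "data": struct.pack("<I", kind)}

# Constructed sample; "time" is days since an arbitrary start.
SAMPLE = [
    {"sig": "tx1", "time": 0, "signers": ["UNKNOWN_X"], "instructions": [sys_ix(INITIALIZE_NONCE, "NONCE_X", "SYSVAR_RBH", "SYSVAR_RENT")]},
    {"sig": "tx2", "time": 3, "signers": ["ADMIN_KEY_A"], "instructions": [sys_ix(ADVANCE_NONCE, "OPS_NONCE_1", "SYSVAR_RBH", "ADMIN_KEY_A")]},
    {"sig": "tx3", "time": 9, "signers": ["UNKNOWN_X", "ADMIN_KEY_A", "ADMIN_KEY_B"], "instructions": [sys_ix(ADVANCE_NONCE, "NONCE_X", "SYSVAR_RBH", "UNKNOWN_X"), {"program_id": "PROTOCOL_PROGRAM", "accounts": [], "data": b""}]},
]
```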
Key numbers
- Solana’s Drift Protocol was exploited on April 1 with on-chain trackers showing roughly $200–$285M drained in minutes, the largest DeFi hack reported so far in 2026. (decrypt.co) (globenewswire.com)
- On-chain trackers first pointed to a single attacker-controlled wallet labeled "HkGz4K," with analytics firms reporting suspicious transfers in the $270M–$285M range into that address on April 1, 2026. (lookonchain.com)
- Market data show immediate on‑chain fallout: protocol TVL collapsed from the low‑$300M range to single‑digit tens of millions within hours, and the DRIFT token plunged roughly 35–37% after the exploit alerts. (kucoin.com)
- DeFi Development Corp. (Nasdaq: DFDV) issued a Globe Newswire statement on April 1, 2026 confirming it held no exposure to Drift. (marketchameleon.com)
What happens next
- The attack forced Drift to halt deposits and prompted public confirmations from market players that they had no exposure to the platform as investigations and potential compensation talks begin.