Massive Drift exploit

A major DeFi exploit drained roughly $285 million from the Drift protocol, marking one of 2026’s largest on‑chain attacks and reviving concerns about leveraged trading infrastructure. The breach reportedly involved attackers bridging funds after hours, and coverage flagged slow external responses from firms like Circle. The incident heightens counterparty and bridge risk across perpetual DEXes and L2 trading stacks, since exploit headlines typically widen risk premia for on‑chain leverage and derivatives (x.com).

About $280 million to $285 million vanished from Drift on April 1 after attackers hit multiple vaults on the Solana-based trading platform, turning what first looked like a bad joke into one of 2026’s biggest crypto thefts. Drift is a decentralized exchange where users trade perpetual futures, which are leveraged bets on price moves that do not expire on a set date. (theblock.co) (docs.drift.trade)

Drift is not a simple token swap app. Its own documentation says users can trade perpetual futures with up to 101 times leverage, which means $1 of collateral can control roughly $101 of exposure, so any failure inside the system can spread fast across vaults and margin accounts. (docs.drift.trade)

The first public explanation from Drift said the theft came from unauthorized transaction approvals prepared in advance through durable nonce mechanisms, which are pre-signed instructions that can sit around and be executed later. In plain English, the attackers appear to have gotten trusted signers to bless transactions before anyone realized what those approvals would unlock. (theblock.co)

A later follow-up from Drift tied the attack to a six-month social-engineering campaign that started around a crypto conference in fall 2025. According to that account, the attackers posed as a quantitative trading firm, built relationships with contributors, and even deposited more than $1 million of their own money into a Drift Ecosystem Vault before the April 1 drain. (theblock.co)

That detail matters because this was not just a bug hunt against code. It looks more like a bank robbery where the thieves spent months earning staff trust, getting keys and approvals lined up, and only then emptying the vaults in minutes. (theblock.co 1) (theblock.co 2)

Once funds were stolen, part of the backlash shifted to Circle, the company behind the United States dollar stablecoin called USDC. CoinDesk reported that blockchain investigator ZachXBT argued faster action by Circle might have reduced losses after stolen USDC moved through Circle’s own cross-chain bridge. (coindesk.com)

A bridge is the crypto version of a transfer desk between chains. If stolen money can cross that desk before a freeze lands, tracing it gets harder and recovery odds usually get worse. (coindesk.com) (finance.yahoo.com)

Drift had published audit material from Trail of Bits saying no known low, medium, or high severity flaws were outstanding at the end of that assessment. Drift’s own risk page also warned that smart-contract exploits and blockchain failures could still lead to loss of funds, which is a reminder that an audit is a snapshot, not an insurance policy. (drift.trade) (docs.drift.trade)

The hit also exposed how layered modern decentralized finance has become. A leveraged trading app sits on Solana, relies on multisignature approvals, routes stablecoins like USDC, and can touch bridges and external market plumbing, so one compromise can jump across several pieces of infrastructure instead of staying contained in one contract. (docs.drift.trade) (theblock.co) (coindesk.com)

That is why a single exploit on one exchange can change prices and risk appetite well beyond one token. When traders see a $280 million-plus loss tied to leverage, governance approvals, and bridge exits in the same incident, they usually demand more margin, pull deposits, or avoid similar on-chain products until the weak link is clearer. (theblock.co 1) (theblock.co 2)
