#DriftProtocolHacked

Drift Protocol, built on the Solana blockchain, is a decentralized platform for perpetual futures and derivatives trading. It allowed users to trade with leverage, lend, borrow, and earn yield without centralized control. Before the hack, it had around $550 million in total value locked (TVL), showing strong liquidity and user confidence.

When It Happened:
The attack occurred on April 1, 2026. Initially, some thought it might be an April Fools’ joke, but it was a serious and well-coordinated exploit confirmed by Drift Protocol within hours.

How Much Was Stolen:
The total loss was estimated between $280 million and $285 million, making this the largest crypto hack of 2026 so far and the second-largest in Solana’s history.

How the Hack Happened:
The attack was highly sophisticated and targeted the governance system rather than a simple code flaw.

Durable Nonces Exploit: Attackers misused Solana’s durable nonce feature to pre-sign transactions and trigger them at the right moment.

Partial Multisig Compromise: Drift’s 5-of-5 multisig security system was partially bypassed after attackers obtained authorization from 2 signers, likely through social engineering.

Preparation Over 8 Days: The attacker planned for more than a week, creating accounts and adjusting to changes in Drift’s security setup.
Execution: On April 1, the exploit was executed in minutes, draining vaults, listing fake collateral, removing withdrawal limits, and taking major assets including USDC, wrapped Bitcoin (wBTC), SOL, and other tokens.

What Was Drained:
Funds came from shared vaults, lending and borrowing deposits, trading collateral, and yield positions. Some assets, like the insurance fund and non-deposited tokens, were untouched.

Where the Funds Went:
The stolen funds were moved through multiple wallets and partially bridged to other blockchains to obscure their trail.

Drift Protocol Response:
Drift acted quickly by freezing operations, replacing compromised wallets, issuing public alerts, and starting a full investigation.

Market Impact:
The $DRIFT token lost over 40% of its value, dropping to $0.040, while TVL fell sharply from $550 million to $24 million, reflecting a major loss of user confidence.

Advice for Users:
Avoid depositing funds.
Check that wallet approvals are revoked.
Follow only official Drift communication for updates.

Why This Matters:
The hack shows that even strong security systems like multisig can fail if partial control is compromised. It also highlights that legitimate blockchain features can be misused, and human factors remain a weak point in decentralized finance security.

Conclusion:
The Drift Protocol hack is one of the most sophisticated DeFi attacks in recent history. It targeted governance, not just code, combining technical skill with careful planning. This incident is a critical reminder that trust, risk, and security in DeFi require constant vigilance.