Drift Protocol suffered a severe exploit, in an attack that on-chain analysis and security firms estimate drained more than $285 million from the Solana-based perpetuals exchange. The breach tore through the protocol’s core liquidity and immediately forced Drift to halt deposits and withdrawals while the team worked to contain the damage.
The attack was not limited to a single asset or a simple smart-contract failure. The exploit appears to have combined a pre-created fake token, identified as CarbonVote Token (CVT), with what looks like control over admin or multisig keys, giving the attackers a direct path into Drift’s central liquidity vaults.
Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke. We’ll provide additional updates from this account as… https://t.co/03SRPq4fHj
— Drift (@DriftProtocol) April 1, 2026
A coordinated exploit that emptied core liquidity
Once inside, the attackers moved quickly across multiple asset pools. They drained 41.7 million JLP tokens worth roughly $155 million, along with SOL, USDC and wBTC, before routing the funds through Jupiter, bridging them to Ethereum and converting them into ETH to make tracing and recovery more difficult.
The scale of the damage placed the incident among the largest hacks in Solana’s history. By current estimates, the Drift exploit ranks as the second-biggest breach on the network since the 2022 Wormhole attack, a comparison that shows just how deeply the protocol’s liquidity layer was compromised.
The market reaction was immediate and brutal. Drift’s native token fell more than 40%, sliding from around $0.073 to $0.040, while total value locked dropped from $550 million to $247 million, wiping out roughly 55% of the protocol’s TVL.
Drift’s team moved quickly to warn users as the situation unfolded. In an emergency post on X, the protocol confirmed the exploit was active, paused user flows, told users not to deposit funds, and stressed, “This is not an April Fools joke.”
The exploit deepens pressure on DeFi security
The timing of the attack also adds to a broader sense of rising risk across the sector. March 2026 had already seen about $52 million stolen across DeFi exploits, a sharp month-on-month increase that made Drift’s collapse feel less like an isolated shock and more like part of a worsening security pattern.
Recovery options now depend on speed, coordination and what assets remain traceable. Drift is working with security firms, bridge providers and exchanges to follow the flows on Ethereum, but once assets are bridged and swapped into ETH, the chances of meaningful recovery narrow quickly. Circle’s freeze capabilities may still matter for any USDC exposure that remains identifiable, although that leverage weakens once funds have moved beyond stablecoins or crossed chains.
For the broader market, the incident is a direct reminder of how much tail risk still sits inside DeFi infrastructure. Protocols that rely on concentrated liquidity and privileged operational controls remain exposed to sudden failures that can turn into full-scale solvency and confidence shocks in a matter of hours. In the near term, Drift’s priority is containment and remediation, while traders and counterparties will be reassessing venue risk, multisig protections and liquidity exposure across Solana perpetuals markets.
