$285M Bug Or Human Error? Solana-Based Drift Protocol Suffers Largest Exploit Of 2026
Solana-based Drift Protocol has suffered the largest exploit of 2026 so far, losing nearly $300 million in an “extremely refined operation” that has raised concerns about the rising threat of human-targeted attacks in the crypto space.
Solana DEX Loses $285M On April Fool’s Day
On Wednesday, Solana-based decentralized exchange (DEX) Drift Protocol was the victim of an exploit that stole hundreds of millions of dollars from its vaults. After online reports flagged unusual on-chain activity yesterday afternoon, Drift’s official channels confirmed the attack, quickly suspending deposits and withdrawals.
According to reports, the attack lasted less than 20 minutes and stole around $285 million in multiple assets, including USDC, JPL, USDT, JUP, USDS, WBTC, and WETH, from nearly 20 vaults. This marks the largest crypto exploit of 2026 so far, and one of the largest hacks in the industry, just above WazirX’s $235 million hack.
The hack wiped out half of the Solana-based project’s total value locked (TVL), which fell from roughly $550 million to $252 million, per DeFiLlama data. Drift Protocol’s token, DRIFT, also plunged, retracing nearly 40% over the past 24 hours.
Within hours, the exploiter had swapped $270.9 million into USDC, bridged it from Solana to Ethereum via the CCTP TokenMessengerMinterV2, and bought 129,000 ETH, splitting it across multiple wallets.
In a Thursday post, Drift shared the details of the incident, affirming that “a malicious actor gained unauthorized entry to Drift Protocol by means of a novel assault involving durable nonces, leading to a fast takeover of Drift’s Security Council administrative powers.”
Solana’s durable nonces are an advanced mechanism that lets transactions bypass the usual short expiration window of regular transactions. This lets users pre-sign transactions for future execution, offline signing, or complex multisig workflows.
“This was an extremely refined operation that seems to have involved multi-week preparation and staged execution, together with using durable nonce accounts to pre-sign transactions that delayed execution,” the post continued.
Malicious Actors Targeting Humans, Not Smart Contracts
The Solana-based DEX emphasized that the exploit was not the result of a bug in Drift’s programs or smart contracts, noting that it found no evidence of compromised seed phrases either.
“The assault involved unauthorized or misrepresented transaction approvals obtained previous to execution, probably facilitated by means of durable nonce mechanisms and complicated social engineering,” the project underscored.
Lily Liu, President of the Solana Foundation, addressed the incident, saying that it is a blow to the whole Solana ecosystem. Liu pointed out that “Smart contracts held up. The actual targets now are people: social engineering and opsec weaknesses greater than code exploits.”
Ledger CTO Charles Guillemet linked Drift’s attack method to Bybit’s $1.4 billion hack, which was attributed to North Korean hacking groups. As he explained, the attackers likely compromised multiple machines belonging to multisig signers through long-term infiltration and misled operators into approving the malicious transactions.
This modus operandi is similar to the Bybit hack last year, widely attributed to DPRK-linked actors. The pattern is becoming familiar: patient, sophisticated supply-chain-level compromise targeting the human and operational layer, not the smart contracts themselves.
Guillemet affirmed that the incident is “one more wake-up call for the trade” to raise the bar on security. “Ultimately, safety is not only about code audits. It’s about giving operators and customers the correct info at the proper time, to allow them to make knowledgeable choices about what they sign,” he concluded.
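As an added illustration of the durable-nonce description and Guillemet's point about signers knowing what they sign (this is not code from Drift, Ledger or the article): on Solana, a transaction uses a durable nonce when its first instruction is the System Program's AdvanceNonceAccount, with the stored nonce placed in the recent-blockhash field, so a signing tool can detect this and show it to the operator before approval. The function names and the sample message bytes below are constructed for the example.

```python
import struct

SYSTEM_PROGRAM = bytes(32)             # System Program id is 32 zero bytes
ADVANCE_NONCE = struct.pack("<I", 4)   # SystemInstruction::AdvanceNonceAccount

def _shortvec(buf, i):
    """Decode a compact-u16 length; return (value, next_offset)."""
    val = shift = 0
    while True:
        b = buf[i]
        i += 1
        val |= (b & 0x7F) << shift
        if not b & 0x80:
            return val, i
        shift += 7

def durable_nonce_info(msg):
    """Return nonce details if the message's first instruction advances a
    nonce account (a durable-nonce transaction), else None."""
    i = 1 if msg[0] & 0x80 else 0      # versioned messages carry a prefix byte
    i += 3                             # header: signer / read-only counts
    n_keys, i = _shortvec(msg, i)
    keys = [msg[i + 32 * k:i + 32 * (k + 1)] for k in range(n_keys)]
    i += 32 * n_keys
    stored_nonce = msg[i:i + 32]       # sits in the recent-blockhash field
    n_ix, i = _shortvec(msg, i + 32)
    if n_ix == 0:
        return None
    prog = msg[i]
    n_acc, i = _shortvec(msg, i + 1)
    accts = msg[i:i + n_acc]
    dlen, i = _shortvec(msg, i + n_acc)
    data = msg[i:i + dlen]
    if prog >= n_keys or keys[prog] != SYSTEM_PROGRAM:
        return None
    if data != ADVANCE_NONCE or n_acc < 3 or max(accts) >= n_keys:
        return None
    return {"nonce_account": keys[accts[0]], "authority": keys[accts[2]],
            "stored_nonce": stored_nonce}

def sample_message(accts, data):
    """Constructed legacy message: one System Program instruction."""
    keys = [b"\x01" * 32, b"\x02" * 32, b"\x03" * 32, SYSTEM_PROGRAM]
    ix = bytes([3, len(accts), *accts, len(data)]) + data
    return bytes([1, 0, 2, len(keys)]) + b"".join(keys) + b"\x09" * 32 + b"\x01" + ix

NONCE_TX = sample_message([1, 2, 0], ADVANCE_NONCE)             # constructed
PLAIN_TX = sample_message([0, 1], struct.pack("<IQ", 2, 1000))  # Transfer
```

A wallet or multisig front end that gets a non-None result can tell the signer that the approval will not expire with the blockhash and can be executed later by whoever holds the signed transaction.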
