Drift Protocol, a Solana-based decentralized exchange, lost $285 million in a highly sophisticated attack that targeted human operators, not smart contract code. The exploit, occurring on April 1, 2026, drained assets including USDC, WBTC, and WETH from nearly 20 vaults in under 20 minutes.
The attack leveraged durable nonces-advanced Solana transaction features that allow pre-signed commands-to bypass normal authorization timelines. Malicious actors gained control of Drift’s Security Council by tricking multisig signers into approving fraudulent transactions, according to the project’s official disclosure.
Drift’s total value locked plummeted from $550 million to $252 million. Its native token, DRIFT, dropped 40% in 24 hours. The attacker converted $270.9 million into USDC, bridged it to Ethereum via CCTP, and purchased 129,000 ETH across multiple wallets.
Lily Liu, President of the Solana Foundation, stated: "Smart contracts held up. The real targets now are humans: social engineering and opsec weaknesses more than code exploits." Ledger CTO Charles Guillemet linked the method to last year’s $1.4 billion Bybit hack, attributing both to North Korean-linked actors employing patient, supply-chain-level infiltration.
