BEARISH 📉 : Drift Protocol hack steals $285M, halves TVL, DRIFT plunges 40%
Attacker drains $285M from Solana DEX Drift. TVL halves. Funds bridged to Ethereum and split.
Drift Protocol on Solana was hit by an exploit of about $285M in under 20 minutes. The team paused deposits and withdrawals and confirmed a durable nonce–driven takeover of admin powers. Source.
Impact
- Largest crypto exploit of 2026 to date. Among the industry’s biggest, topping WazirX’s $235M hack. NewsBTC.
- Around 20 vaults drained. Assets included USDC, USDT, JUP, USDS, WBTC, WETH. NewsBTC.
- TVL fell from ~$550M to ~$252M. DRIFT token dropped ~40% in 24h. NewsBTC.
On-chain moves
- $270.9M swapped into USDC, bridged from Solana to Ethereum via CCTP TokenMessengerMinterV2, then used to buy 129,000 ETH. Funds split across multiple wallets. NewsBTC.
Method
- Drift: “A malicious actor gained unauthorized access… involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers.” No program or smart-contract bug found. Team cites “unauthorized or misrepresented transaction approvals,” likely aided by durable nonce mechanisms and social engineering. Drift statement.
- Durable nonces let users pre-sign transactions for delayed execution and complex multisig workflows. Attackers allegedly leveraged that to stage approvals. Drift.
Industry read
- Solana Foundation’s Lily Liu: “Smart contracts held up. The real targets now are humans: social engineering and opsec weaknesses.” Liu.
- Ledger CTO Charles Guillemet links the playbook to Bybit’s $1.4B hack, citing patient, supply-chain–level compromises of multisig operators. Guillemet.
