Drift Protocol, a major Solana-based DeFi platform, has fallen victim to a massive exploit. On April 1st, attackers managed to siphon off assets totaling at least $280 million. Despite the date, the project team immediately clarified: “This is not an April Fool’s joke,” urging users to cease all interaction with the platform.
Anatomy of the Hack: Timeline of Events
Investigations reveal that the attack was a meticulously planned operation spanning over a week. The hacker did not exploit a technical bug in the code; instead, they manipulated the “human element.”
- March 23: Preparation began with the creation of four wallets using durable nonces (delayed transaction mechanisms). Two of these addresses were designed to impersonate members of the Drift Security Council.
- The Method: Utilizing sophisticated social engineering, the attacker convinced at least two of the five multisig signatories to approve transactions.
- March 30: Even a scheduled rotation of the Council members failed to stop the intruder, as the hacker quickly created a new wallet tailored to the updated multisig structure.
- April 1: The climax occurred during a legitimate test of the insurance fund. Immediately following a test withdrawal by the team, the hacker activated pre-signed transactions that transferred administrative rights and executed the theft.
Which Assets Were Impacted?
The breach hit all core areas of the protocol’s operations. The following were compromised:
- Lending deposits;
- Trading accounts;
- Vaulted funds.
What remains safe: DSOL tokens held outside the ecosystem and the primary assets of the Insurance Fund were reportedly untouched.
Stolen assets include Wrapped Bitcoin (wBTC), Jito tokens, various memecoins (including Fartcoin), and significant amounts of stablecoins pegged to the USD, EUR, and JPY. Currently, the stolen funds have been dispersed across numerous secondary wallets.
Market Reaction and Project Outlook
The incident had an immediate impact on the protocol’s native token:
- DRIFT Price: Plummeted by 37% (from $0.07 to $0.04).
- Market Cap: Nearly halved, dropping to approximately $25 million.
- Prognosis: Historically, roughly 80% of protocols fail to recover after exploits of this magnitude.
“Drift likely doesn’t generate enough revenue to plug a hole this size or secure a loan to compensate users, unlike major exchanges,” community experts noted.
The Circle Controversy: Why Weren’t Stablecoins Frozen?
The hack has sparked a wave of criticism against Circle (the issuer of USDC). Renowned on-chain sleuth ZachXBT and Delphi Digital co-founder Tommy Shaughnessy expressed outrage over the centralized giant’s perceived inaction.
Key Grievances:
- Failure to Block: Despite hundreds of millions of dollars moving during US business hours, Circle did not freeze the associated addresses.
- Unimpeded Transit: The hacker successfully bridged funds from Solana to Ethereum via cross-chain protocols without interference.
- The Decentralization Irony: The community is once again questioning the utility of “centralized” stablecoins if they cannot intervene to stop blatant criminal activity in real-time.
Current Status
As of now, Drift Protocol has partially suspended operations: functions are frozen, the multisig has been updated, and the compromised wallets have been removed. The team is currently working with law enforcement, exchanges, and cybersecurity experts to track the movement of the stolen assets.
User Recommendation: Refrain from any transactions involving Drift Protocol until an official investigation report is released.
