On-chain exchange Drift Protocol suffers a hack loss of $280 million—could the Solana ecosystem see a chain reaction?

Drift Protocol, a decentralized exchange platform, suffered a major hacking attack on April 2, with estimated losses of up to $280 million, becoming one of the largest DeFi security incidents in the Solana ecosystem. The attacker exploited a multisig vulnerability to obtain the admin key, drained multiple vaults in a short period of time, and quickly transferred the assets cross-chain to Ethereum.

“Not an April Fools’ joke”: Drift imposes emergency pause on deposits and withdrawals

In a post early Wednesday morning, Drift Protocol said it detected “abnormal trading activity” on the platform, warned users not to deposit funds until the issue is resolved, and later announced that it had suspended the platform’s deposit and withdrawal functions, adding that it would continue updating its investigation progress.

Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke. We’ll provide additional updates from this account as…

— Drift (@DriftProtocol) April 1, 2026

Seven hours after the incident, Drift Protocol’s official account had still not responded or provided any progress updates.

Loss magnitude: More than 20 assets stolen, worth over $280 million

According to a compilation by the cybersecurity firm PeckShield, this attack affected more than 20 cryptocurrencies, with an estimated loss of $285 million. This includes the JLP token worth about $159 million, USDC worth $71.42 million, BTC-related assets worth $16.27 million, SOL-related assets worth $13.57 million, ETH-related assets worth $4.68 million, and other stablecoins worth tens of millions of dollars.

Data from Rekt shows that this incident will become the largest cryptocurrency theft case this year, and one of the most serious security incidents in Solana’s history, second only to the Wormhole bridge vulnerability that caused $326 million in losses in 2022.

Is the Solana ecosystem facing risk? A one-stop look at the affected protocols

Crypto KOL @lugeweb3 compiled the impact of the Drift Protocol hack on other Solana protocols. These include PiggyBank, which lost $106,000, while projects such as Carrot Finance, Lulo, Reflect, and Ranger have already paused some functions and frozen some funds.

The article also confirmed the security of major protocols including Jupiter, Kamino, Meteora, Wormhole, and Solflare.

Attack method: Admin key compromised; multisig protection proves ineffective

According to an analysis by blockchain security firm Chaos Labs, the core of this attack was the compromise of Drift Protocol’s admin signing key (admin key).

About a week before the incident, Drift migrated its multisig architecture to a new wallet. The new architecture consists of 5 signers with a 2/5 threshold, but a time lock of zero seconds—meaning that as long as any two people sign, the transaction can be executed immediately. Among those holding permissions for the new multisig wallet, 4 members were newly added, while only 1 was from the old team.

After the attacker obtained admin privileges, they set up a fake CVT spot market on-chain, and designated an oracle controlled by them to artificially inflate the asset price. They then deposited worthless tokens as collateral, while raising the withdrawal limits for major assets such as USDC and wETH by 20 times, ultimately withdrawing the on-chain funds in a single sweep.

Chaos Labs founder Omer Goldberg noted that the entire attack process was completed within seconds, seemingly with no security mechanisms or warnings triggered.

Nine-figure funds cross-chain to Ethereum; Circle criticized for slow response

After the incident, the hacker used the Solana on-chain DEX Jupiter to exchange a large portion of the stolen assets into USDC, then bridged the stablecoin to Ethereum via Circle’s cross-chain transfer protocol (CCTP), and further exchanged it for ETH.

On-chain sleuth ZachXBT criticized the situation, saying that the nine-figure illegal funds were transferred on CCTP during U.S. working hours, yet Circle took no freezing or blocking actions. He said Circle and its founding team are also the black sheep in the industry.

Industry warning: Single-point risk in DeFi key management must be addressed

Also drawing attention is that Drift Labs co-founder Cindy Leow was selected just last year for Forbes’ 30 Under 30, and she is also known for being on the “anti-benchmark” list; the community has even speculated about the possibility of internal team wrongdoing, that is, guarding the team funds while stealing from within.

Source: @RXu107

This incident once again highlights the single point of failure in how DeFi protocols manage high-privilege keys. Goldberg urged DeFi protocols to introduce parameter boundary settings, withdrawal rate limits, and time-lock mechanisms with real effect as soon as possible, in order to reduce the risk of users’ assets being hacked.
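The three controls Goldberg names can be modeled alongside the 2-of-5, zero-second-timelock configuration described above. This is an added example, not code from Drift, Chaos Labs or the original article; the type names, the bound factor, the 48-hour delay and all amounts are assumptions constructed for illustration.

```rust
// Added example (not Drift's code): simplified model of the guards named above.
// Every name, bound, delay and amount is an assumption chosen for illustration.
#[derive(Debug, PartialEq)]
pub enum Reject { TooFewSigners, TimelockPending, OutOfBounds }

pub struct Policy {
    pub threshold: usize,      // approvals required to execute
    pub timelock_secs: u64,    // delay between queueing and execution
    pub max_raise_factor: u64, // largest allowed multiple of the current limit
}

pub struct LimitChange { pub approvals: usize, pub queued_at: u64, pub current_limit: u64, pub new_limit: u64 }

/// Decide whether a queued withdrawal-limit change may execute at `now` (unix seconds).
pub fn check(p: &Policy, c: &LimitChange, now: u64) -> Result<(), Reject> {
    if c.approvals < p.threshold { return Err(Reject::TooFewSigners); }
    // With timelock_secs == 0 this can never reject: execution is immediate.
    if now < c.queued_at.saturating_add(p.timelock_secs) { return Err(Reject::TimelockPending); }
    // Parameter boundary: a single change may move the limit only so far.
    if c.new_limit > c.current_limit.saturating_mul(p.max_raise_factor) { return Err(Reject::OutOfBounds); }
    Ok(())
}

/// Fixed-window withdrawal rate limit for one vault.
pub struct RateLimit { pub cap: u64, pub window_secs: u64, pub start: u64, pub used: u64 }

impl RateLimit {
    pub fn allow(&mut self, amount: u64, now: u64) -> bool {
        if now >= self.start.saturating_add(self.window_secs) {
            self.start = now; // a new window begins
            self.used = 0;
        }
        match self.used.checked_add(amount) {
            Some(total) if total <= self.cap => { self.used = total; true }
            _ => false, // over the cap (or overflow): refuse and leave `used` unchanged
        }
    }
}

fn main() {
    // Constructed sample: two approvals, a 20x raise, executed the second it is queued.
    let c = LimitChange { approvals: 2, queued_at: 1_000, current_limit: 500_000, new_limit: 10_000_000 };
    let reported = Policy { threshold: 2, timelock_secs: 0, max_raise_factor: u64::MAX };
    let hardened = Policy { threshold: 3, timelock_secs: 172_800, max_raise_factor: 2 };
    println!("2-of-5, zero timelock: {:?}", check(&reported, &c, 1_000));
    println!("hardened policy:       {:?}", check(&hardened, &c, 1_000));
    let mut rl = RateLimit { cap: 1_000_000, window_secs: 3_600, start: 0, used: 0 };
    println!("5,000,000 withdrawal within cap? {}", rl.allow(5_000_000, 10));
}
```

The `reported` policy uses the threshold and timelock the article gives; treating the limit as unbounded is an assumption, since the article only says the limits were raised 20 times.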

This article, “On-chain exchange Drift Protocol hacked, losses of $280 million; could trigger a chain reaction in Solana’s ecosystem?” first appeared in On-chain News ABMedia.
