
On April 3, the decentralized exchange protocol Drift announced that the team has identified critical information related to this attack. It is sending on-chain messages from a sender address to the Ethereum wallets holding the stolen funds, urging the attacker to communicate. The number of affected protocols has expanded from the 11 previously confirmed to 20, and news of the Drift theft triggered brief abnormal trading activity in Jupiter (JUP).
In the announcement, Drift disclosed that it has sent on-chain messages to the following Ethereum wallets holding the stolen funds (message sender address: 0x0934faC45f2883dd5906d09aCfFdb5D18aAdC105):
Wallet 1: 0xAa843eD65C1f061F111B5289169731351c5e57C1 (Apr 03 05:17 UTC)
Wallet 2: 0xD3FEEd5DA83D8e8c449d6CB96ff1eb06ED1cF6C7 (05:20 UTC)
Wallet 4: 0x0FE3b6908318B1F630daa5B31B49a15fC5F6B674 (05:25 UTC)
Drift said the team is willing to communicate with the attacker and stated that once a third-party attribution analysis is completed, it will immediately share follow-up updates with the community. This kind of “on-chain public negotiation” strategy is a common response mechanism for decentralized protocols dealing with hacker incidents. It aims to encourage the attacker to voluntarily return the funds through publicly visible messages.
(Source: SolanaFloor)
According to disclosures by SolanaFloor, the newly affected protocols include PiggyBank, Perena, Vectis, Valeo, Amp Pay, Loopscale, Prime Numbers Fi, Gauntlet, and Exponent—9 additional protocols—bringing the total number of affected protocols to 20. The major protocols with losses currently disclosed are as follows:
Prime Numbers Fi: Estimated loss of more than $10 million
Gauntlet: About $6.4 million
Neutral Trade: About $3.67 million
Elemental DeFi: About $2.9 million
Reflect Money: About $1.95 million
Vectis: About $1.69 million
Ranger Finance: About $0.919 million
Pyra: About $0.551 million
PiggyBank: Confirmed loss of $106,000, fully covered by the project team
News of the Drift theft continues to spread. Alongside Jupiter’s official statement that “the platform is not affected by this incident,” the market briefly speculated that some of the stolen funds might be routed out through Jupiter, triggering abnormal trading volume in JUP. JUP temporarily surged, climbing 3.1% in a short time, with the intraday high breaking above $0.16.
Monitoring by Hyperinsight shows that, in this context, the whale whose address starts with 0x8b0, previously the holder of the largest JUP short position on Hyperliquid at $1.22 million, fully stopped out and closed the position within half an hour. It recorded a loss of approximately $33,700, with an average closing price of $0.1625. Even the largest short player chose to avoid potential short-squeeze risk during the period of uncertainty rather than continue to hold.
Sending on-chain messages is a standard negotiation strategy used by DeFi protocols in response to hacker incidents: the protocol sends publicly verifiable messages on the ledger to the target wallet to express willingness to negotiate. Typically, the goal is to trade the return of most of the funds for immunity from further legal or on-chain tracking actions. This also signals to the community that the attacker-identification work is underway.
Market speculation suggested that some of the stolen funds might flow through the Jupiter protocol as an exit route, triggering a brief spike in abnormal trading volume and pushing JUP up by 3.1% in the short term. Although Jupiter officially stated that the platform was not affected, market uncertainty still triggered an emergency stop-loss by the largest JUP short whale, indicating that the immediate liquidity impact of such news on the related token should not be ignored.
Based on currently disclosed data, the largest single loss is Prime Numbers Fi at more than $10 million, followed by Gauntlet at about $6.4 million. Total disclosed losses are over $28 million. The number of affected protocols has increased to 20, and multiple protocols still have loss figures pending final confirmation.