News
3 Apr 2026, 12:36
Is Your Crypto Funding Pyonyang? Inside Solana-Based Drift Protocol $286 Million Exploit

Blockchain analytics firm Elliptic says the $286 million exploit of Solana-based Drift Protocol is most likely linked to the Democratic People’s Republic of Korea (DPRK). Solana Suffered One Of The Largest Crypto Exploits In History On April 1st, the DEX Drift Protocol suffered a major exploit that drained almost $300 million dollars in crypto assets from its core vaults. The exchange reported on it on its official X account as it was still undergoing: Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke. We’ll provide additional updates from this account as… https://t.co/03SRPq4fHj — Drift (@DriftProtocol) April 1, 2026 The raid unfolded in under 20 minutes, with roughly $286 million siphoned off across a basket of assets from close to 20 vaults. Drift is the largest decentralized perpetual futures exchange on Solana. This is the biggest crypto exploit seen so far in 2026 and ranks among the largest on record, edging out the $235 million WazirX breach. Drift’s total value lock (TVL) collapsed from roughly $550 million to under $250 million after the attack. The team’s emergency response consisted of pausing deposits and withdrawals and coordinating with security firms and exchanges. The protocol shared the details of the incident later on, claiming it was a “a highly sophisticated operation that appears to have involved multi-week preparation and staged execution”. Beyond that, the exchange’s official channels refrained from attributing responsibilities. Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers. This was a highly sophisticated operation that appears to have involved… — Drift (@DriftProtocol) April 2, 2026 Now, the analytics firm Elliptic has released an investigation claiming the on‑chain behavior, laundering methods, and network‑level indicators match the techniques seen in prior DPRK‑linked operations, making this not just another DeFi rug, but a suspected state‑sponsored attack. The North Korean Hackers Strike Again Ledger CTO Charles Guillement also linked Drift’s attack method to Bybit’s $1.4 billion hack, which was attributed to North Korean hacking groups. NewsBTC’s sister website Bitcoinist reported on this yesterday. Drift Protocol, one of the leading perpetual DEXs on Solana, has been hacked for approximately $213M. This makes it the biggest hack of 2026 so far, and one of the largest ever on the Solana blockchain, right behind the Wormhole Bridge exploit of 2022. The full details of the… — Charles Guillemet (@P3b7_) April 2, 2026 According to Elliptic, the attacker likely compromised Drift’s administrator private keys, gaining privileged control over withdrawals and key parameters. The attack systematically drained three main vaults: JLP Delta Neutral, SOL Super Staking and BTC Super Staking, including a single $41.7 million JLP transfer worth about $155 million. Elliptic traced the stolen funds and concluded that the attacker created the wallet roughly eight days before the exploit and even received a small test transfer from a Drift vault. This suggests a pre‑planned, staged operation rather than a smash‑and‑grab. After the exploit was completed, the attacker used Jupiter, a Solana DEX aggregator, to swap the stolen tokens into USDC, bridged funds to Ethereum, and then rotated into ETH and other assets across multiple wallets. Such cross‑chain laundering patterns, obfuscation methods, and network‑level indicators match techniques seen in prior DPRK‑attributed attacks, Elliptic claims. If officially confirmed, this would be the 18th such operation with over $300 million stolen already. Confirmed or not, there is no denying that state‑linked actors are systematically targeting liquidity‑rich crypto protocols to fund North Korea’s weapons programs. Let’s not forget that the North Korea‑affiliated Lazarus Group has funneled billions of dollars in stolen money through cryptocurrency networks. Elliptic has already clustered all attacker‑linked token accounts on Solana and Ethereum so exchanges and protocols can screen against contaminated funds in near real time. The hack will likely harden scrutiny of Solana DeFi governance, admin key design, and multisig security, even as the ecosystem continues to chase institutional‑grade perps liquidity. Cover image from Perplexity. SOLUSD chart from Tradingview.
3 Apr 2026, 11:35
Analysts implicate North Korea's Lazarus hacker group in Drift Protocol exploit

The analysis of Drift Protocol’s recent exploit pointed to North Korean hackers, possibly the same group that exploited Bybit for over $1.4B. The exploit affected multiple DeFi apps across the Solana ecosystem. Drift Protocol analysis shows the exploit was possibly performed by North Korea’s Lazarus Group , the same threat actors behind Bybit and the Ronin bridge hack. New facts about the exploit are also emerging, based on DivergSec analysis and reports by Elliptic and TRM Labs. The attacker did not just compromise the Drift Protocol multisig once. Drift migrated some of its multisig wallets to new Security Council members. Within three days, the attacker compromised the new multisig and prepared with pre-signed transactions on March 31, a day before the attack. The specific usage of wallets points to the Lazarus Group modus operandi, with a wallet first funded by Tornado Cash, rapid multi-chain bridging to ETH, and consolidating the funds for mixing. Based on Elliptic’s research, Lazarus has performed 18 attacks in the year to date. Researchers will cooperate with the Drift Protocol team to track the funds. Drift Protocol sends message to exploiters Drift Protocol announced that critical information about the involved parties has been discovered. The team sent messages to the four identified wallets currently holding the proceeds of the hack. Critical information of parties related to the exploit have been identified. Drift is now sending an on-chain message from 0x0934faC45f2883dd5906d09aCfFdb5D18aAdC105 to the ETH Wallets that holds the stolen funds. Wallet 1: 0xAa843eD65C1f061F111B5289169731351c5e57C1 (Timestamp… — Drift (@DriftProtocol) April 3, 2026 The message suggested Drift Protocol may have known the identity of the hackers. The community speculates about possible insider access or project infiltration. Despite this, Drift Protocol was still criticized for having a zero timelock on protocol-level changes, allowing the exploiter to drain liquidity immediately. Drift Protocol spread contagion to the Solana economy Drift Protocol retains $232M in value locked, down from over $550M. Multiple protocols that used Drift for yield have had their funds stolen or frozen in whole or in part. SOL recovered above $80 after a brief dip in response to the hack. The hack affected Reflect Money for its USD+ farming yield. DeFi Carrot lost 50% of its TVL in Drift, and CRT tokens were also affected. Ranger Finance was exposed through rUSD. PiggybankFi lost $106K from deposits into Drift Protocol. Project0 paused loans against Drift vaults. Other projects, including Pyra, which lost all its funds, and XPlace, which mainly used Drift for yield. Elemental DeFi was only exposed through a USDC vault. Some of the protocols only had their funds on hold until security is improved. Eleven projects were affected so far, not counting the general sentiment repercussions and loss of trust in DeFi lending. A total of 35 DeFi protocols have been exploited in 2026 to date, with an accelerating trend and more organized attacks. Around $453M was extracted from DeFi, showing it is still a high-risk sector. The hacks undermine the narrative that DeFi would be a suitable way to gain yield with minimal risk. There’s a middle ground between leaving money in the bank and rolling the dice in crypto. Start with this free video on decentralized finance .
3 Apr 2026, 11:17
DRIFT Hack: 280M$ Stolen, Onchain Message to Hackers

Solana-based Drift Protocol sent ETH onchain message to hackers after 280M$ hack. Cyvers: Weeks-long operation, durable nonces vulnerability. Price 0.04$, RSI 26 oversold. Potential 200M+ exploitat...
3 Apr 2026, 09:00
$285M Bug Or Human Error? Solana-Based Drift Protocol Suffers Largest Exploit Of 2026

Solana-based Drift Protocol has suffered the largest exploit of 2026 to date, losing nearly $300 million in a “highly sophisticated operation” that has raised concerns about the growing threat of human-targeted attacks in the crypto space. Related Reading: Bitcoin ETFs Break Four-Month Negative Streak With $1.32B Inflows While ETH, XRP Funds Bleed Solana DEX Loses $285M On April Fool’s Day On Wednesday, Solana-based decentralized exchange (DEX) Drift Protocol was the victim of an exploit that stole hundreds of millions of dollars from its vaults. After online reports flagged unusual on-chain activity yesterday afternoon, Drift’s official channels confirmed the attack, quickly suspending deposits and withdrawals. According to reports, the attack lasted less than 20 minutes and stole around $285 million in multiple assets, including USDC, JPL, USDT, JUP, USDS, WBTC, and WETH, from nearly 20 vaults. This marks the largest crypto exploit of 2026 to date, and one of the largest hacks in the industry, just above WazirX’s $235 million hack. The hack wiped out half of the Solana-based project’s total value locked (TVL), which fell from roughly $550 million to $252 million, per DeFiLlama data. Drift protocol’s token, DRIFT, also plunged, retracing nearly 40% over the past 24 hours. Within hours, the exploiter had swapped $270.9 million into USDC, bridged them from Solana to Ethereum via the CCTP TokenMessengerMinterV2, and purchased 129,000 ETH, splitting them across multiple wallets. In a Thursday post, Drift shared the details of the incident, affirming that “a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers.” Solana’s durable nonces are an advanced mechanism that allows transactions to bypass the typical short expiration date of regular transactions. This enables users to pre-sign transactions for future execution, offline signing, or complex multisig workflows. “This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution,” the post continued. Malicious Actors Targeting Humans, Not Smart Contracts The Solana-based DEX emphasized that the exploit was not the result of a bug in Drift’s programs or smart contracts, noting that they found no evidence of compromised see phrases either. “The attack involved unauthorized or misrepresented transaction approvals obtained prior to execution, likely facilitated through durable nonce mechanisms and sophisticated social engineering,” the project underscored. Lily Liu, President of the Solana Foundation, addressed the incident, asserting that it is a blow to the whole Solana ecosystem. Liu pointed out that “Smart contracts held up. The real targets now are humans: social engineering and opsec weaknesses more than code exploits.” Related Reading: Analyst Forecasts More Pain For XRP In Q2 – How Much Lower Can It Go? Ledger CTO Charles Guillemet linked Drift’s attack method to Bybit’s $1.4 billion hack, which was attributed to North Korean hacking groups. As he explained, the attackers likely compromised several machines belonging to multisig signers through long-term infiltration and misled operators into approving the malicious transactions. This modus operandi is similar to the Bybit hack last year, widely attributed to DPRK-linked actors. The pattern is becoming familiar: patient, sophisticated supply-chain-level compromise targeting the human and operational layer, not the smart contracts themselves. Guillemet affirmed that the incident is “yet another wake-up call for the industry” to raise the bar on security. “Ultimately, security is not just about code audits. It’s about giving operators and users the right information at the right time, so they can make informed decisions about what they sign,” he concluded. Featured Image from Unsplash.com, Chart from TradingView.com
3 Apr 2026, 08:09
Solana Price Prediction: After The Exploit, Is The Network Still Safe? Will Price Recover?

Solana price appears to be stabilizing below $80, but the Drift Protocol exploit raised questions, followed by bearish prediction. Is the network’s infrastructure fundamentally compromised, or is this selloff noise masking a recovery setup? The Drift Protocol attack drained at least $270 million in under 60 seconds, but notably, no code was broken. The attacker exploited “durable nonces,” a legitimate Solana feature that allows transactions to remain valid indefinitely by replacing the standard 60–90 second expiring blockhash with a fixed on-chain code. Security council members were tricked into pre-signing administrative transfers weeks before execution, with no way to revoke approval once given. The exploit required more than a week of setup and less than a minute to detonate. Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers. This was a highly sophisticated operation that appears to have involved… — Drift (@DriftProtocol) April 2, 2026 That distinction of feature abuse versus protocol failure is critical for price recovery timing. Macro headwinds compound the damage , BTC hovering at $66,000, S&P 500 under pressure, and oil above $100 stoking stagflation fears that are already suppressing risk appetite across the crypto markets. Discover: The best crypto to diversify your portfolio with Solana Price Prediction: Hold $80 Support, or a Drop to $50 SOL’s technical picture is unambiguously bearish. The RSI sits at 32 on the daily, approaching oversold, but it looks like bears haven’t exhausted themselves just yet. The 50-day SMA at $117 is overhead resistance; the 200-day SMA at $30 is dropping to the 100-day SMA. Only 13% of technical signals read bullish, with the Fear & Greed Index locked at 29 for 46 consecutive days. CFGI The critical level is $85, and failure to reclaim it confirms the breakdown. Analyst warns a sustained break below $85 opens a flush toward the $50–$30 Fair Value Gap accumulation zone. Network revenue remains 93% below January peaks, undermining any near-term fundamental rebound argument. SOL USD, TradingView The exploit doesn’t erase Solana’s infrastructure roadmap. It does reset near-term trust, and trust is priced faster than fundamentals. Discover: The best pre-launch token sales Maxi Doge Targets Early-Mover Upside as Solana Tests Key Levels SOL at $80 is a setup, but it’s also a waiting game with real downside risk attached. Traders rotating out of established-layer-one volatility are increasingly eyeing early-stage presales where entry price, not recovery timing, does the heavy lifting. Maxi Doge ($MAXI) is one attracting attention. Built on Ethereum (ERC-20), the project packages a 240-lb canine mascot with genuine community mechanics: holder-only trading competitions with leaderboard rewards, a Maxi Fund treasury dedicated to liquidity and partnerships, and a meme-first marketing engine built around gym-bro culture and the tagline “Never skip leg-day, never skip a pump.” It’s unambiguously meme-first, which, in this market, is exactly where retail attention is rotating . We know risk-off macro tends to funnel speculative capital toward low-cap narratives, not $80 SOL recovery bets. WHERE ALL THE BULLS AT? WE DON'T QUIT. pic.twitter.com/J30E70EV5f — MaxiDoge (@MaxiDoge_) March 31, 2026 Hard numbers: current presale price is $0.0002811 , with $4.7 million raised to date and 66% staking APY as a bonus . Research Maxi Doge before the next price increase. This article is not financial advice. Crypto markets are highly volatile. Always conduct your own research before investing. The post Solana Price Prediction: After The Exploit, Is The Network Still Safe? Will Price Recover? appeared first on Cryptonews .
3 Apr 2026, 03:00
Drift Hack Fallout: 20 Protocols Now Devastated by $285 Million Security Breach

BitcoinWorld Drift Hack Fallout: 20 Protocols Now Devastated by $285 Million Security Breach The devastating Drift hack continues to expand its reach across the Solana ecosystem, with the number of affected protocols now reaching 20 according to comprehensive data analysis. This significant security breach, initially reported with 11 victims, has nearly doubled in scope, revealing deeper systemic vulnerabilities within decentralized finance infrastructure. The escalating impact underscores critical challenges facing blockchain security protocols as the total losses approach $285 million. Drift Hack Expands to 20 Vulnerable Protocols Solana ecosystem media platform SolanaFloor compiled the latest data showing the breach’s expanded reach. Consequently, the newly identified victims include PiggyBank, Perena, Vectis, Valeo, Amp Pay, Loopscale, Prime Numbers Fi, Gauntlet, and Exponent. Among these protocols, Prime Numbers Fi sustained particularly severe losses exceeding $10 million. The expanding list demonstrates how interconnected vulnerabilities can propagate across decentralized networks. Furthermore, security analysts note the breach’s progression follows a concerning pattern. Initially, the attack seemed contained to a smaller subset of protocols. However, subsequent investigations revealed broader exposure. The timeline shows the hack discovery occurred approximately 72 hours before the full scope became apparent. This delay allowed the attackers to exploit additional vulnerabilities before security patches could be implemented. Solana Ecosystem Security Implications The expanding breach reveals fundamental security challenges within decentralized finance architecture. Specifically, the interconnected nature of DeFi protocols creates cascading vulnerability risks. When one protocol experiences a security failure, adjacent protocols with shared dependencies often become exposed. This domino effect explains why the Drift hack impact continues to grow despite initial containment efforts. Technical Analysis of the Attack Vector Security researchers have identified several technical factors contributing to the breach’s expansion. First, the initial exploit leveraged a smart contract vulnerability in price oracle implementation. Second, the attacker utilized flash loan capabilities to manipulate asset prices across multiple protocols simultaneously. Third, insufficient access controls allowed the attack to propagate through interconnected liquidity pools. The following table illustrates the progression of affected protocols: Discovery Phase Protocols Affected Estimated Losses Initial 24 Hours 11 protocols $180 million Following 48 Hours 9 additional protocols $105 million Total Impact 20 protocols $285 million Moreover, the attack methodology demonstrates increasing sophistication among blockchain exploiters. Attackers now routinely combine multiple vulnerability types to maximize their impact. They specifically target protocols with shared dependencies and interconnected liquidity mechanisms. Protocol-Specific Impact Analysis Each affected protocol experienced unique consequences based on their architecture and integration depth. Prime Numbers Fi, with its $10 million loss, represents the most significant individual impact among newly identified victims. The protocol’s complex mathematical models for yield optimization created unexpected vulnerability points. Similarly, Gauntlet’s risk management infrastructure suffered collateral damage despite its security-focused design. The newly affected protocols share several concerning characteristics: Shared liquidity pools with initially compromised protocols Integrated price oracles from the same providers Cross-protocol composability enabling attack propagation Similar smart contract architectures with shared code libraries Additionally, the breach timing coincided with peak trading activity across Solana-based DeFi applications. This timing maximized the attacker’s potential gains while complicating immediate response efforts. Protocol teams faced the dual challenge of securing their systems while managing community concerns about fund safety. Industry Response and Security Measures The blockchain security community has mobilized multiple response initiatives following the breach expansion. Leading audit firms have initiated emergency security reviews for all Solana-based protocols with similar architectural patterns. Meanwhile, decentralized autonomous organizations governing affected protocols have activated emergency response mechanisms. These include temporary protocol pauses, enhanced monitoring, and accelerated security patch deployment. Long-Term Security Implications This expanding breach will likely influence DeFi security standards for years. Protocol developers must now consider not only their own security but also the security of interconnected systems. The industry faces increasing pressure to implement more robust isolation mechanisms between protocols. Additionally, real-time monitoring systems must improve to detect cross-protocol attack patterns earlier. Security experts emphasize several critical lessons from this incident: Protocol interdependence requires new security paradigms Real-time threat detection needs substantial improvement Emergency response protocols must account for cascading failures Insurance and compensation mechanisms require reevaluation Furthermore, regulatory attention will likely increase following this high-profile breach. Policymakers may push for enhanced security requirements and incident reporting standards. The DeFi industry must balance security improvements with maintaining decentralization principles. Conclusion The Drift hack’s expansion to 20 affected protocols represents a watershed moment for blockchain security. This incident demonstrates how vulnerabilities can propagate across interconnected DeFi ecosystems with devastating financial consequences. The $285 million total loss underscores the urgent need for improved security architecture and response mechanisms. As the Solana ecosystem addresses these challenges, the broader blockchain industry must learn from this breach to prevent similar incidents. Ultimately, the Drift hack fallout will likely accelerate security innovation across decentralized finance. FAQs Q1: What caused the Drift hack to affect additional protocols? The hack propagated through shared dependencies between protocols, including integrated price oracles, cross-protocol liquidity pools, and similar smart contract architectures that created interconnected vulnerability points. Q2: How are protocols responding to prevent further expansion? Affected protocols have implemented emergency measures including temporary pauses, enhanced security monitoring, accelerated patch deployment, and comprehensive audits of interconnected systems to identify potential vulnerability chains. Q3: What makes Prime Numbers Fi’s $10 million loss particularly significant? Prime Numbers Fi’s complex mathematical models for yield optimization created unexpected vulnerability points that the attacker exploited, demonstrating how sophisticated DeFi mechanisms can introduce novel security risks. Q4: How does this breach compare to previous cryptocurrency hacks? The Drift hack stands out for its cascading effect across multiple protocols, whereas previous major hacks typically targeted individual platforms. The $285 million total and 20 affected protocols make it one of the most extensive cross-protocol breaches in DeFi history. Q5: What long-term changes might result from this security breach? The industry will likely develop new security standards for protocol interdependence, improved real-time threat detection systems, enhanced emergency response protocols for cascading failures, and potentially new regulatory frameworks for DeFi security. This post Drift Hack Fallout: 20 Protocols Now Devastated by $285 Million Security Breach first appeared on BitcoinWorld .





































