DeFi April 2, 2026

The Solana Hack That Drained $285M From Drift Protocol on April Fool’s Day

The Solana hack that hit Drift Protocol on April 1, 2026 was not a prank. An attacker drained $285 million from one of Solana’s largest DeFi platforms in 12 minutes, using a fake token worth $500, a fabricated price history, and social engineering. The Drift Protocol hack ranks as the second largest exploit in Solana history, behind only the 2022 Wormhole bridge attack, and has put crypto security across the entire ecosystem under a harsh spotlight.

DRIFT token 1D price chart showing the sharp drop following the exploit — Source: MEXC

Also Read: Nike Stock Crashes 15% in Brutal Selloff, Among Worst in Decades

No Code Bug, Just a Fake Token Worth $500 and Social Engineering

How the Solana Hack Was Pulled Off

drift protocol hack sol — Source: New Scientist

The attacker spent roughly three weeks creating a fake token called CarbonVote Token (CVT), seeded a $500 liquidity pool on Raydium, and wash-traded it until oracles accepted it as legitimate collateral. No vulnerability in Drift’s code was ever exploited.

On April 1, the attacker used pre-signed durable nonce transactions alongside targeted social engineering of Drift’s multisig signers to seize admin control. They raised withdrawal limits to $500 trillion, deposited 7.85 million CVT tokens as fake collateral, and drained real assets including USDC, SOL, JLP, and WBTC across 31 withdrawals.

Drift Protocol stated:

“The attacker took advantage of pre-signed durable nonce transactions, allowing them to delay execution and act at a strategic moment. By misleading several multisig signers through targeted social engineering, the attacker gained control of important administrative privileges.”

We are observing unusual activity on the protocol. We are currently investigating. Please do not deposit funds into the protocol while we investigate. This is not an April Fools joke. Proceed with caution until further notice. We’ll provide additional updates from this account.
— Drift (@DriftProtocol) April 1, 2026

Fallout Across Solana

Drift’s TVL dropped from $550 million to under $300 million in under an hour. The DRIFT token crashed 40%, and twelve Solana protocols had to pause operations as a result. The attacker then converted the stolen funds to USDC and bridged them to Ethereum via Circle’s Cross-Chain Transfer Protocol.

The Drift Protocol exploiter is swapping the $270M+ stolen assets into $USDC, then bridging to #Ethereum to buy $ETH. 🚨

So far, they have bought 19,913 $ETH ($42.6M).https://t.co/I0kfOvxqRp https://t.co/C5nLmNfYsM pic.twitter.com/WesXqfQnsn
— Lookonchain (@lookonchain) April 1, 2026

On-chain analyst ZachXBT had this to say:

“Value was moved and nothing was done yet again. Six hours is how long Circle had to freeze stolen funds from the $280M+ Drift hack.”

Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke. We’ll provide additional updates from this account as… https://t.co/03SRPq4fHj
— Drift (@DriftProtocol) April 1, 2026

Two Audits, Zero Red Flags

Two security audits completed before the attack, Trail of Bits in 2022 and ClawSecure in February 2026, both gave Drift passing grades. Neither flagged the governance and oracle manipulation setup that made this Solana hack possible. Draining $285 million through a $500 token and some patient social engineering proves that the weakest points in crypto security are not always in the code.

Also Read: OCC Crypto Rule Is Live and Citadel, Schwab Are Already Filing for a Bank