Highlights:
- Ledger CTO tied the Drift exploit to the same signer deception seen in the Bybit breach.
- More than $230 million moved from Solana to Ethereum through Circle’s CCTP.
- Drift’s TVL fell below $250 million as the DRIFT token extended sharp losses.
The Popular Decentralized Exchange (DEX) Drift Protocol suffered an exploit whereby hackers stole about $280 million today. On-chain trackers on X reported that the attacker started moving stablecoins into Ethereum. Meanwhile, remarks by Ledger CTO Charles Guillemet shaped the perspectives of the breach.
Advertisement
The Breach Follows a Familiar Path From Last Year
According to Guillemet, the attack likely began well before the money moved. He said criminals either stole enough keys or misled multisig signers into clearing a harmful transaction. Similarly, that pattern matched Bybit’s 2025 breach, which investigators linked to North Korea’s Lazarus Group.
Guillemet argued that the attackers targeted people, devices, and routines. In other words, they exploited trust at the approval stage. Signers may have thought they approved a normal operation, while they actually cleared the drain. As a result, the exploit looked less like a coding failure and more like a security process breakdown.
Drift Protocol, one of the leading perpetual DEXs on Solana, has been hacked for approximately $213M. This makes it the biggest hack of 2026 so far, and one of the largest ever on the Solana blockchain, right behind the Wormhole Bridge exploit of 2022.
The full details of the…
— Charles Guillemet (@P3b7_) April 2, 2026
Meanwhile, fresh on-chain activity added to that view. Researchers said the attacker’s wallet received 1 SOL a week earlier. This suggested preparation, not improvisation. As soon as the drain started, the pilfered money moved swiftly.
Pressure Spread Across Solana After the Funds Movement
Drift later confirmed the exploit on X and halted deposits and withdrawals. The team said it was working with security firms, bridges, and exchanges to contain damage. Afterward, ZachXBT reported that the attacker bridged more than $230 million in USDC through Circle’s CCTP. The transfers from Solana to Ethereum spanned over 100 transactions in six hours.
The movement consequently attracted criticism as no freeze was made during the bridge activity. According to DefiLlama data, Drift’s total value locked dropped to less than $250 million from $550 million. The DRIFT token also dropped nearly 30%, trading near $0.05266. The token is now down by 98% from its all-time high of $2.65.
The fallout further hit more than the protocol itself. On X, Solana Foundation Chair Lily Liu said the weakness involved social engineering and operational security. She stressed that the smart contract held up under pressure. Meanwhile, wallet provider Phantom added warnings, while several treasury firms such as Forward Industries and DeFi Development Corp said their reserves stayed untouched.
The Drift incident hits hard, it stings for the whole ecosystem.
Drift has been working around the clock to investigate and contain it. We're supporting where possible.
Smart contracts held up. The real targets now are humans: social engineering and opsec weaknesses more than… https://t.co/1or5OtozKm
— Lily Liu (@calilyliu) April 2, 2026
Security Failures Now Sit at the Center
The Ledger CTO used the incident to push three security priorities. First, he called for stronger detection tools across networks and signer endpoints. He argued that the attackers often sit inside systems long before they strike. Therefore, earlier alerts could break that timeline.
Second, he urged firms to strengthen key management with hardware-backed signing and tighter governance. He also warned that internet-connected software wallets leave multisig setups exposed to supply-chain attacks.
Third, he explained, sign-in clarity is the most important since the operators have to be able to read the transaction information before approval. In the absence of such clarity, the signers are unable to detect a trap on time. Security is not limited only to audits and code reviews. Instead, operators should have the right information at the exact time they sign.
Meanwhile, Tether chief executive Paolo Ardoino echoed the urgency. He praised the USDT0 team for pausing the Solana mesh infrastructure within 90 minutes. This response aimed to limit further movement through omnichain USDT rails.
USDT is the People's digital dollar.
People and institutions will always gravitate towards solutions that protect them in difficult moments like these security breaches.
Well done @USDT0_to team ❤️ https://t.co/88WmWgmkoE
— Paolo Ardoino 🤖 (@paoloardoino) April 2, 2026
eToro Platform
Best Crypto Exchange
- Over 90 top cryptos to trade
- Regulated by top-tier entities
- User-friendly trading app
- 30+ million users
eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong.
Advertisement
