Highlights:
- Drift Protocol suffers a $285 million loss after a coordinated attack on the exchange.
- The DEX platform reported that the compromise was a result of unauthorized access to key approvals.
- Drift Protocol has already initiated appropriate steps to track and recover the stolen assets
The Popular Decentralized Exchange (DEX) Drift Protocol was the target of a security compromise, resulting in losses of approximately $285 million. PeckShieldAlert, a renowned on-chain investigation platform, tweeted about the exploit in the early hours of today. According to PeckShieldAlert, the incident affected over 50% of the exchange’s Total Value Locked (TVL) assets. In addition, DRIFT, the trading platform’s native token, plummeted by almost 37% and is currently trading at about $0.04.
Advertisement
Going further, the on-chain investigation platform reported that the hacker has successfully bridged the stolen assets from Solana (SOL) to Ethereum (ETH) through the Cross-Chain Transfer Protocol (CCTP) TokenMessengerMinterV2. So far, the scammer has moved 129,000 Ethereum tokens, valued at approximately $270.9 million.
#PeckShieldAlert Drift Protocol @DriftProtocol has been exploited, resulting in a loss of over $285M – more than 50% of its TVL. $DRIFT has plummeted by -37%.
The exploiter has already bridged the stolen assets from #Solana to #Ethereum via the CCTP TokenMessengerMinterV2,… pic.twitter.com/EZE4tP0f6c
— PeckShieldAlert (@PeckShieldAlert) April 2, 2026
Details of how the Exploiters Gained Unauthorized Access
Drift Protocol has confirmed the hack incident via a series of posts on its official X handle. The DEX platform also reported details of the incident and has initiated steps to mitigate future attacks and recover the stolen assets. According to Drift Protocol, the exploiter did not access the platform through a code vulnerability. The DEX platform reported that the breach was a result of unauthorized access to key approvals inside Drift’s Security Council.
Drift Protocol stated:
“This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution.”
The attacker was also noted to have secured at least 2 out of the 5 required approvals in advance. This might have happened by tricking or deceiving signers into approving transactions under pretenses. A few days before launching the attack, especially around 23 March, the attacker created many special accounts known as durable nonce accounts. These new accounts allowed transactions to be signed earlier but executed later. Consequently, it allowed the scammer to wait and launch the attack at the appropriate time.
Despite updating its Security Council setup on 27 March, the attacker still managed to regain the access needed for the exploit. This suggests that the hack was probably ongoing and not fully removed by the update. The final exploit happened on 1 April. Shortly after a normal test transaction from the insurance fund, the hacker executed two pre-approved transactions within minutes.
This move gave the scammer quick and full control of the admin role. Immediately after gaining control, the attacker made key changes such as adding a fake asset, removing withdrawal limits, and using existing permissions to move funds away from the DEX platform.
The attacker was able to:
– Pre-position access using durable nonce accounts
– Obtain sufficient multisig approvals (2/5 multisig approval)
– Execute a malicious admin transfer within minutes, gaining control of protocol-level permissions
– Use that control to introduce a…— Drift (@DriftProtocol) April 2, 2026
Overview of the Stolen Assets as Drift Protocol Suffers $285M Exploit
In total, the scammer stole roughly $280 million in digital assets. These include funds from lending and borrowing pools, vault deposits, and user trading balances. Notably, some funds were not affected. They include assets like DSOL that were not deposited into Drift.
Also, insurance funds were unaffected, and Drift Protocol is already moving them to more secure locations. As part of its swift response steps, the DEX platform has already shut down all its operations to mitigate further losses. The exchange also noted that the compromised wallet has been removed.
Currently, Drift Protocol’s team is working with blockchain security experts, exchanges, bridges, and law enforcement agencies to track and recover the stolen assets. On 1 April, Crypto2Community reported that crypto hack incidents in March resulted in losses worth roughly $52 million. The security compromise on Drift Protocol has already exceeded this figure, heightening crypto and blockchain security concerns.
eToro Platform
Best Crypto Exchange
- Over 90 top cryptos to trade
- Regulated by top-tier entities
- User-friendly trading app
- 30+ million users
eToro is a multi-asset investment platform. The value of your investments may go up or down. Your capital is at risk. Don’t invest unless you’re prepared to lose all the money you invest. This is a high-risk investment, and you should not expect to be protected if something goes wrong.
Advertisement
