- Drift loses up to $270M as attackers move funds across chains.
- TVL drops from $534M to $255M, triggering a sharp liquidity exit for Drift Protocol.
- DRIFT token plunges ~30% as protocol halts and probes exploit.
A major exploit has hit Solana-based DeFi platform Drift Protocol, wiping out a large share of its liquidity and sending shockwaves across the ecosystem. Early estimates suggest that between $220 million and $270 million in assets were moved out of the protocol in a coordinated attack, which is one of the most significant on-chain breaches this year.
On-chain data indicates that the stolen funds were transferred to a wallet identified as “HkGz4K.” From there, the attacker began dispersing and converting assets across multiple platforms. A substantial portion was bridged to Ethereum, where it was used to acquire 19,913 ETH, valued at nearlly $42.6 million. Additional funds were routed through Hyperliquid, where stolen SOL was swapped into ETH, while some cryptos were moved to Binance.
The immediate impact on Drift Protocol’s liquidity has been severe. Total value locked on the platform dropped sharply to $255 million, down from $534 million prior to the incident. The contraction shows both the direct loss of funds and the rapid withdrawal of remaining capital as users rushed to limit exposure.
Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke. We’ll provide additional updates from this account as… https://t.co/03SRPq4fHj
— Drift (@DriftProtocol) April 1, 2026
The platform’s native crypto also reacted swiftly. DRIFT dropped around 35% during early trading before stabilizing slightly. But it remains down around 30% over the past 24 hours. At last check, the token was trading near $0.044, which shows the extent of market panic after the breach.
Drift Faces Major Security Attack
Drift acknowledged the incident shortly after unusual activity was detected. In a public statement, the team said: “We are observing unusual activity on the protocol. We are currently investigating. Please do not deposit funds into the protocol while we investigate. This is not an April Fools joke. Proceed with caution until further notice. We’ll provide additional updates from this account.”
Operations have since been suspended as the team works with external security firms to track the attacker and assess the full scope of the exploit.
Breakdowns of the stolen assets reveal a diversified mix of holdings. Monitoring data shows the attacker currently controls approximately $103 million in USDC, $54 million in SOL, $19 million in WBTC, $12 million in WETH, and $11 million in cbBTC. Smaller allocations include $6 million in USDT, $5 million in USDS, $3 million in SYRUPUSDC, and $2 million in JLP tokens.
The incident has also affected related products within the Solana ecosystem. Jupiter officials moved quickly to clarify their exposure, and stated that their platform was not directly impacted. They added that Jupiter Lend had no involvement with Drift markets and added that JLP assets remain “fully backed by underlying assets.” The firm described the situation as a “difficult day” for the broader Solana DeFi landscape.
Estimates tied to JLP indicate losses reaching as high as $1.556 billion, though the figure reflects indirect exposure and market effects rather than direct compromise of Jupiter’s systems. The clarification was done to contain spillover concerns and stabilizing user confidence.
Also Read: Bonk.fun Hack Sparks Alert; Founder Puts Users First
