Among the stolen assets are USDC, WBTC, WETH, cbBTC and JLP tokens worth USD 155M.
The attacker converted the funds into USDC and bridged them to the Ethereum network.
Drift Protocol, the leading decentralized perpetual futures exchange on the Solana network, was the victim of a exploit this Wednesday, April 1, which resulted in the unauthorized transfer of approximately USD 270 million in digital assets, the equivalent of about 50% of the platform’s total value locked (TVL).
The attack was confirmed by Drift’s own team. In a statement published on X, the platform pointed out that it was observing “unusual activity” in the protocol and asked users not deposit funds while the incident was being investigated. The team added that it suspended deposits and withdrawals, and that it was coordinating with security firms, bridges (bridges) and exchanges to contain the situation. “This is not an April Fools’ joke,” they clarified.
Drift Protocol is an open source, decentralized trading platform built on Solana, considered a centerpiece of the ecosystem for perpetual futures trading, with a TVL exceeding $550 million before the attack.
The on-chain data indicates that the exploit began around 4 PM UTC, with a first transfer of USD 155 million in JLP tokens from one of the vaults of the protocol. Assets drained include USDC, cbBTC, WBTC, WETH and other tokens. The attacker’s newly created address received the transfers and began converting the assets into USDC and then transferring them to Ethereum.
If the total amount is confirmed, the attack would be the largest exploit DeFi in the Solana ecosystem since the hack of the bridge Wormhole. The native DRIFT token fell more than 20% in the hours following the incident.
At the time of writing, Drift had not published an official technical analysis on the attack vector. The platform promised to keep users informed through its X account. The investigation continues.