Drift Protocol, a Solana-based decentralized exchange primarily used for trading perpetual futures, is under an active exploit that has resulted in the theft of more than $250 million in funds, according to on-chain data. The protocol announced the attack on X at approximately 3:00 p.m. ET on Wednesday, confirming that deposits and withdrawals had been suspended. The team stated it was coordinating with multiple security firms, bridges, and exchanges to contain the incident. In its post, the protocol added: “This is not an April Fools joke.”
Reports of suspicious activity emerged roughly two hours before the official announcement, when users observed large sums being moved from the Drift Protocol vault to a Solana wallet address beginning with “HkGz4K.” The first recorded transfer occurred around 11:06 a.m., when approximately 41 million JLP tokens valued at $155 million were sent to that address. In the minutes that followed, millions more in various crypto tokens were transferred to the attacker and subsequently distributed across additional wallets.
On-chain data from Solana block explorer Solscan shows the attacker’s address was initially funded with just 1 SOL the previous week, suggesting the exploit may have been in preparation since that time. A small test transfer valued at approximately $2.52 was also received from the Drift Vault around that period. By the end of Wednesday’s attack, total transfers to the attacker’s address exceeded $250 million, according to blockchain analytics firm Arkham Intelligence. Estimates from PeckShield Alerts place the total as high as $285 million.
Drift Protocol has not yet identified the precise cause of the breach, but on-chain researchers and security experts suggest it likely stems from an exposed private key that granted the attacker access to admin functionality and the protocol’s vaults. Jiang Xuxian, founder of blockchain security firm PeckShield, told Decrypt that the attack relied on gaining privileged access to Drift’s systems. “The admin keys behind Drift were definitely leaked or compromised,” he said. A leaked or compromised admin key points to human error rather than a technical flaw in the protocol’s code.
Prior to the exploit, Drift Protocol held $550 million in total value locked, according to data from DefiLlama. The platform’s broad range of assets and decentralized finance capabilities had made it closely connected to other firms within the Solana ecosystem. Some entities with exposure to the platform, including publicly traded Solana treasury firms Forward Industries and DeFi Development Corp, have stated that their treasuries were not affected by the incident.
Other Solana-based infrastructure providers have taken precautionary steps in response to the attack. Wallet provider Phantom implemented warnings for users attempting to access Drift Protocol while investigations remain ongoing. Drift’s native token, DRIFT, fell nearly 28% on the day, recently trading around $0.049. The token has now declined more than 98% from its all-time high of $2.60, reached in November 2024.
Originally reported by Decrypt.
