Breaking! Leading Solana DEX suffers an epic raid, $285 million evaporates in 10 seconds, is the DeFi security myth completely shattered?

On the early morning of April 2, the top decentralized perpetual futures contract exchange in the Solana ecosystem, Drift Protocol, was attacked. The protocol’s official account first announced that it had detected abnormal activity, then directly confirmed that it had suffered an active attack, and paused all deposit and withdrawal functions.

On-chain data shows that the protocol’s treasury saw more than $285 million in assets flow out within an extremely short period of time. This figure makes it the largest DeFi security incident since the beginning of 2026. As a result, its native token $DRIFT price dropped by more than 30%, once touching $0.04. The protocol’s total value locked also plunged from about $550 million to $250 million.

The attack began with a newly created wallet address HkGz4K. This address first transferred $JLP tokens worth about $155 million out of Drift’s main treasury, followed by $USDC, $SOL, $cbBTC, $wBTC, $WETH, and some meme coins. The attacker moved quickly—using an aggregator to convert most of the assets into $USDC and then cross-chain to the Ethereum network to continue buying $ETH.

Drift Protocol was founded at the end of 2021 and is one of the earliest perpetual futures contract DEXs on Solana, known for low latency and high leverage. It uses a design where user funds go directly into a tiered treasury, intending to improve transparency, but this event exposed its weaknesses.

Omer, co-founder of blockchain risk analytics firm Chaos Labs, revealed the attack details. The core issue was that the protocol’s administrator key was stolen. The attacker used the stolen signer key to withdraw more than $213 million in funds in less than 10 seconds. The protocol lacked risk-control measures such as time locks and multi-sig delay protections, causing the attack to be basically completed within 15 seconds.

The specific attack path is divided into three steps. First, the attacker created a fake spot market named CVT in a single transaction and set extreme parameters so it could deposit worthless tokens and gain unlimited borrowing power. At the same time, he increased the breaker thresholds of five real asset markets by 20 times, clearing the way for large withdrawals.

Second, the attacker configured an oracle for the CVT market that was controlled by him, manipulating its price to the level of several hundred million $SOL, providing a fake valuation for subsequent collateralized borrowing.

Finally, the attacker minted roughly 750 million CVT tokens, with 80% controlled by him, and deposited them into the protocol in two installments. He then used them as collateral to borrow out all the real assets in the treasury. After the attack, the JLP treasury was drained from 41.7 million to only 133 tokens.

More in-depth investigation points to a failed multi-sig migration from one week earlier. Drift migrated to a new multi-sig wallet, but that multi-sig retained only one old signer, with the other four being entirely new addresses, and it set a 2/5 threshold and a zero-second time lock. The attacker initiated a proposal by controlling the old multi-sig to transfer administrator permissions to the new wallet. After that, the sole old signer proposed changing Drift’s administrator permissions; a new signer immediately agreed, and the transaction took effect instantly.

After the incident, the Drift team responded quickly but with limited information. The Phantom wallet cut off the direct interaction entry point with the protocol. $Jupiter’s official account clarified that its lending product did not involve Drift markets, and that JLP is supported by underlying assets.

As of now, the attacker has exchanged the stolen $285 million in assets for about 129,000 $ETH, worth $278 million. In historical attacks of similar scale, the probability of successfully追回 recovering funds is usually very low. The protocol remains in a full pause state, and the subsequent restoration and compensation plan has not yet been clarified.

Follow me: Get more real-time crypto market analysis and insights! $BTC $ETH $SOL

#April market forecast #Crypto market broadly up #Gold and silver move stronger in sync