Drift Protocol suffered a $285 million hack on April 1, 2026, the largest crypto exploit of the year so far. The attacker used a fake token and a compromised admin key to manipulate oracles and drain vaults. According to DefiLlama, Drift's total value locked (TVL) collapsed from approximately $550 million to under $250 million following the attack. This makes it the largest DeFi hack of 2026 to date and the second-largest security incident in the Solana ecosystem after the $326 million Wormhole bridge exploit in 2022. An attacker drained at least $270 million from the Drift Protocol on Solana by abusing a legitimate feature called 'durable nonces,' rather than exploiting a code bug or stolen keys. By securing two misleading approvals from Drift's five-member Security Council multisig, the attacker pre-signed transactions that remained valid for more than a week and then used them to seize protocol-level control in minutes. The on-chain behavior, laundering methodologies and network-level indicators associated with the attack are consistent with techniques observed in previous DPRK-attributed operations. If confirmed, this incident would represent the eighteenth DPRK act Elliptic has tracked this year, with over $300 million stolen so far.