Drift Protocol, the largest decentralized perpetual futures exchange on Solana, was hit by a sophisticated attack that drained approximately $285 million in user assets on April 1, 2026. Security firms TRM Labs and Elliptic have attributed the attack to North Korean hackers, likely the Lazarus Group, who used a combination of social engineering, oracle manipulation, and governance takeover to execute the exploit in just 12 minutes.
The attack began weeks earlier on March 11 with preparations including creating fake collateral through the CarbonVote Token (CVT) and using Solana's 'durable nonce' feature to pre-sign administrative transactions. The exploit affected over 20 protocols in the Solana ecosystem, with users still unable to access funds as of April 3. This marks the largest DeFi hack of 2026 and the second-largest in Solana's history after the 2022 Wormhole bridge hack.
