Drift Protocol, Solana's largest decentralized perpetual futures exchange, suffered a catastrophic $285 million exploit on April 1, 2026, making it the biggest crypto hack of the year. The sophisticated attack involved North Korean hackers who gained unauthorized access through a novel technique using durable nonces - a Solana feature allowing transactions to be pre-signed and executed later. The attackers spent weeks preparing, beginning on-chain staging on March 11th with funds from Tornado Cash.
The breach wasn't due to smart contract vulnerabilities, but rather a combination of social engineering that tricked multisig signers into pre-signing hidden authorizations and a zero-timelock Security Council migration that eliminated the protocol's defenses. The attackers created a fictitious token called CarbonVote Token with minimal liquidity, which Drift's oracles mistakenly treated as legitimate collateral worth hundreds of millions. Within 12 minutes, the attackers drained the funds and began rapidly laundering them across chains.
More than $200 million was actively laundered within hours through Jupiter and deBridge on Solana, then partially bridged to Ethereum via Circle's Cross-Chain Transfer Protocol. The incident exposed critical flaws in oracle design and governance hygiene, with security experts emphasizing the need for minimum liquidity thresholds, time-weighted price validation, and robust multisig processes. This marks the second-largest exploit in Solana's history after the 2022 Wormhole bridge hack.
