Drift Protocol, a Solana-based decentralized perpetual futures exchange, suffered the largest DeFi exploit of 2026 on April 1st, losing $285 million within minutes. The attack involved a sophisticated three-phase operation where attackers used fake token creation, oracle manipulation, and compromised admin keys through Solana's 'durable nonces' feature. The exploit drained over half of the protocol's $550 million TVL, affecting more than 20 connected protocols including Carrot Protocol and Pyra Protocol.
Security firms Elliptic and TRM Labs have attributed the attack to DPRK-linked threat actors, citing similarities to previous Lazarus Group operations. The attack began weeks earlier with a Tornado Cash withdrawal and involved creating fake collateral through the CVT token that appeared legitimate to Drift's oracles. Users remain unable to access funds across affected protocols as investigations continue.
