{"id":23763,"date":"2026-04-02T16:20:43","date_gmt":"2026-04-02T16:20:43","guid":{"rendered":"https:\/\/nft.runfyers.com\/index.php\/2026\/04\/02\/drift-protocol-hacked-over-270m-wiping-out-50-of-its-tvl\/"},"modified":"2026-04-02T16:20:43","modified_gmt":"2026-04-02T16:20:43","slug":"drift-protocol-hacked-over-270m-wiping-out-50-of-its-tvl","status":"publish","type":"post","link":"https:\/\/nft.runfyers.com\/index.php\/2026\/04\/02\/drift-protocol-hacked-over-270m-wiping-out-50-of-its-tvl\/","title":{"rendered":"Drift Protocol Hacked Over $270M, Wiping Out 50% of Its TVL"},"content":{"rendered":"

<\/p>\n

\n

Drift Protocol,<\/strong> one of the major perpetual decentralized exchanges (DEX) on Solana, was reportedly exploited on April 2, 2026, with total estimated damages exceeding $270 million<\/strong>. According to on-chain data, this amount is equivalent to more than 50% of the protocol\u2019s total value locked (TVL),<\/strong> marking one of the largest exploits on the Solana.<\/span><\/p>\n

What happened<\/b>\u00a0<\/span><\/h2>\n

The first signs emerged when on-chain data recorded unusual capital outflows from Drift Protocol\u2019s vaults within a very short timeframe. Multiple large transactions were executed consecutively, all directed to a single wallet address: HKgZ4K.<\/span><\/p>\n

In a post last night, Drift Protocol confirmed that the platform is facing an ongoing attack and has temporarily suspended critical operations to limit damage.<\/span><\/p>\n

\n

Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke. We\u2019ll provide additional updates from this account as\u2026 https:\/\/t.co\/03SRPq4fHj<\/a><\/p>\n

\u2014 Drift (@DriftProtocol) April 1, 2026<\/a><\/p>\n<\/blockquote>\n

Messages from the team indicate that the incident was detected almost in real-time, as deposit and withdrawal activities were immediately halted, and the project began coordinating with various stakeholders to control the situation.<\/span><\/p>\n

Initial reports did not clarify the specific cause of the incident. According to the latest update on X, Drift Protocol stated that the attack did not stem from a smart contract bug<\/strong>, but was related to the attacker gaining unauthorized access to the governance system through Solana\u2019s \u201cdurable nonce\u201d mechanism.<\/span><\/p>\n

\n

Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift\u2019s Security Council administrative powers.<\/p>\n

This was a highly sophisticated operation that appears to have involved\u2026<\/p>\n

\u2014 Drift (@DriftProtocol) April 2, 2026<\/a><\/p>\n<\/blockquote>\n

According to the project, the attacker used pre-signed transactions combined with gathering sufficient signatures from the multisig to execute a malicious admin rights transfer, thereby gaining control over protocol-level permissions. This process is believed to have been prepared for weeks and executed in just minutes.<\/span><\/p>\n

Fund Flow & Stolen Assets<\/b>\u00a0<\/span><\/h2>\n

Similar to previous large-scale DeFi exploits, the attacker executed continuously large transactions within minutes.<\/span><\/p>\n

\n

The Drift Protocol exploiter is swapping the $270M+ stolen assets into $USDC<\/a>, then bridging to #Ethereum<\/a> to buy $ETH<\/a>. \ud83d\udea8<\/p>\n

So far, they have bought 19,913 $ETH<\/a> ($42.6M).https:\/\/t.co\/I0kfOvxqRp<\/a>https:\/\/t.co\/C5nLmNfYsM<\/a> pic.twitter.com\/WesXqfQnsn<\/a><\/p>\n

\u2014 Lookonchain (@lookonchain) April 1, 2026<\/a><\/p>\n<\/blockquote>\n

Specifically, after withdrawing assets from Drift Protocol, the majority of the funds were quickly converted into USDC before being bridged from Solana to Ethereum<\/strong> and subsequently used to purchase ETH. According to Lookonchain, the attacker bought approximately 19,913 ETH (equivalent to about $42.6 million) in the initial stage, then continued to accumulate. Currently, the exploiter\u2019s wallet has nearly completed the conversion of all stolen assets to Ethereum, holding approximately 130,000 ETH<\/strong>, valued at over $270 million.<\/span><\/p>\n

\n

Drift Protocol appears to have been exploited, with over $270M in assets suspiciously transferred to wallet HkGz4K. \ud83d\udea8<\/p>\n

That’s crazy!https:\/\/t.co\/iWVPzvDDhx<\/a> pic.twitter.com\/AQCa5q4b3M<\/a><\/p>\n

\u2014 Lookonchain (@lookonchain) April 1, 2026<\/a><\/p>\n<\/blockquote>\n

Notably, about $155 million in JLP \u2014 the token representing the system\u2019s liquidity \u2014 was part of the total $270 million stolen, indicating that the exploit directly impacted Drift\u2019s core liquidity structure.<\/span><\/p>\n

Impact: TVL, Price & Users<\/b>\u00a0<\/span><\/h2>\n