
Drift Protocol Hit by $285M Exploit: Crypto’s Biggest Hack of 2026 Unfolds on April Fool’s Day

Published 02 April 2026
Prashant Jha
Edited by Insha Zia

Key Takeaways

  • Drift Protocol suffered a $285 million hack on April 1, 2026, the largest crypto exploit of the year so far.
  • The attacker used a fake token and a compromised admin key to manipulate oracles and drain vaults.
  • Funds were bridged via Circle’s CCTP, with ZachXBT criticizing the lack of a timely freeze.

Solana-based Drift Protocol, a major decentralized perpetuals exchange, suffered a $285 million exploit on April 1, 2026.

What began as unusual on-chain activity quickly escalated into the year’s largest hack, wiping out more than half of the protocol’s total value locked (TVL).


April Fool’s Turns Real for Drift

Drift confirmed an “active attack” shortly after alerts from on-chain analytics firms.

Following the attack, Drift immediately suspended deposits and withdrawals.

The timing—April 1—added confusion, prompting the team to stress on X that this was “not an April Fool’s joke” as they urged users to stop interacting with the protocol.

Within minutes, the attacker drained over $285 million in assets, including USDC, SOL, JLP, WBTC, and others.

Drift protocol hack. Credit: Arkham.

Drift’s TVL fell from roughly $550 million to under $300 million in less than an hour.

The DRIFT token dropped more than 40% during the incident, sending shockwaves across Solana’s DeFi ecosystem.

The impact spread quickly. Multiple protocols with exposure to Drift liquidity or strategies paused operations or assessed losses.

A dozen Solana protocols were affected by the Drift protocol hack. Credit: SolanaFloor.

Some reported limited exposure and moved to reimburse users, while others temporarily halted deposits, withdrawals, or borrowing functions.

PiggyBank_fi said it had around $106,000 in exposure through its delta-neutral strategies and moved quickly to cover users using team funds.

Reflect Money paused minting and redemptions for USDC+ and USDT+, noting that its insurance coverage remains in place.

Ranger Finance temporarily halted RGUSD deposits and withdrawals, with potential exposure estimated at over $900,000, while Project0 stopped borrowing against Drift positions as a precaution.

Several other platforms, including TradeNeutral, GetPyra, xPlace, Uselulo, and Elemental DeFi, either paused key features or reported limited exposure while conducting security checks.

Jupiter Exchange, meanwhile, said its JLP pool remains fully backed, helping contain wider fallout.

How the Attack Worked

The exploit combined several weaknesses: a fake token, manipulated oracle pricing, and a compromised admin key.

In the weeks leading up to the attack, the attacker created a token called “CarbonVote Token” (CVT), minting around 750 million units.

They seeded a small liquidity pool—about $500—on Raydium and used wash trading to build a price history near $1.

Over time, this artificial price was picked up by oracles, making the token appear legitimate.

On April 1, the attacker used a compromised admin key to list CVT as a valid market on Drift.

At the same time, they raised withdrawal limits to extreme levels, effectively removing safeguards that would normally restrict large outflows.

The attacker then deposited hundreds of millions of CVT tokens as collateral. Based on the manipulated oracle price, this collateral appeared highly valuable.

Using that inflated position, they executed 31 rapid withdrawals—draining real assets from the protocol, including tens of millions in USDC, JLP, and other tokens, within roughly 12 minutes.

Drift hack fund loss. Credit: PeckShield.

The exploit did not rely on a complex code vulnerability. Instead, it exploited trust in price feeds, governance controls, and the lack of strict safeguards such as timelocks.
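
The two safeguards named above can be sketched as an added example (not Drift's code; every name here is hypothetical): collateral valued at the oracle price but capped by the liquidity behind that price, and admin actions that cannot execute before a timelock expires. The 50% haircut, the 48-hour delay and the deposited amount are assumptions; the $500 pool and the roughly $1 price come from the article.

```python
from dataclasses import dataclass, field

@dataclass
class Market:
    symbol: str
    oracle_price: float        # USD per token as reported by the price feed
    pool_liquidity_usd: float  # depth of the pool that produced that price
    haircut: float = 0.5       # assumed: share of pool depth treated as realizable

def collateral_value(market: Market, amount: float) -> float:
    """Value collateral at the oracle price, capped by what the market could absorb."""
    nominal = amount * market.oracle_price
    return min(nominal, market.pool_liquidity_usd * market.haircut)

@dataclass
class TimelockedAdmin:
    delay_s: int
    queue: dict = field(default_factory=dict)  # action -> earliest execution time

    def propose(self, action: str, now: int) -> int:
        """Queue a privileged action; it becomes executable only after delay_s."""
        eta = now + self.delay_s
        self.queue[action] = eta
        return eta

    def execute(self, action: str, now: int) -> bool:
        """Refuse actions that were never queued or whose delay has not elapsed."""
        eta = self.queue.get(action)
        if eta is None or now < eta:
            return False
        del self.queue[action]
        return True

def demo():
    # Figures from the article: ~$500 pool, price history near $1.
    cvt = Market("CVT", oracle_price=1.0, pool_liquidity_usd=500.0)
    deposited = 500_000_000  # constructed amount ("hundreds of millions" of CVT)
    naive = deposited * cvt.oracle_price        # what an unchecked feed implies
    capped = collateral_value(cvt, deposited)   # what the pool can actually back
    admin = TimelockedAdmin(delay_s=48 * 3600)  # assumed 48-hour delay
    admin.propose("list_market:CVT", now=0)
    immediate = admin.execute("list_market:CVT", now=0)
    after_delay = admin.execute("list_market:CVT", now=48 * 3600)
    return naive, capped, immediate, after_delay

if __name__ == "__main__":
    print(demo())
```

With the cap in place the deposit supports at most $250 of borrowing power instead of a nominal $500 million, and the listing cannot take effect in the same moment it is proposed, which gives monitoring a window to react.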

Independent researcher Ares and on-chain sleuths pieced together the timeline, confirming the attack leveraged both a multisig migration (changed to 2/5 without timelock weeks earlier) and untested protocol updates.

Security audits by Trail of Bits (2022) and ClawSecure (February 2026) had given Drift passing grades, but the CVT market introduction and recent governance changes apparently slipped through the cracks.

Where the Funds Went

After the exploit, the attacker quickly began moving funds.

Assets were consolidated and swapped into USDC and SOL, then partially bridged to Ethereum using Circle’s Cross-Chain Transfer Protocol (CCTP).

On Ethereum, portions were converted into ETH, while some funds moved through centralized exchanges.

Blockchain analysts tracked the funds as they spread across multiple wallets, complicating recovery efforts.

ZachXBT Calls Out Circle

The incident also drew criticism toward Circle.

On-chain investigator ZachXBT pointed out that large amounts of stolen USDC were bridged during U.S. business hours without being frozen.

“Millions in stolen USDC bridged from Solana to Ethereum via CCTP while Circle sat on their hands,” ZachXBT posted, noting the irony of selective enforcement. 

ZachXBT contrasted this “slow response” with Circle’s recent decision to freeze 16 unrelated corporate hot wallets in a sealed U.S. civil case—actions he had already slammed as overreach.

He argued that Circle had both the ability and precedent to intervene but did not respond in time to limit the damage.

Working With Law Enforcement

Drift’s team continues to work with law enforcement and security partners.

While some of the stolen USDC on Ethereum may still be recoverable, the bulk of the $285 million loss remains a stark reminder of DeFi’s persistent risks.

For Solana users and the broader crypto market, the Drift Protocol hack of 2026 is more than a headline; it’s a cautionary tale about the integrity of oracles, governance hygiene, and the speed at which $500 can become $285 million in stolen funds.
