The Solana-based decentralized finance protocol Drift has lost more than $280 million (₹2,350 crore) in a recent attack, marking the largest security incident of 2026 so far. The platform confirmed it was experiencing an active attack and temporarily suspended deposits and withdrawals while attempting to contain the breach. “This is not an April Fool’s joke,” the team said.
Attack Linked to Unauthorized Access and Administrative Control
Drift later stated that the attacker gained unauthorized access through what it described as a “novel attack,” taking control of the protocol’s Security Council administrative powers. Initial estimates had placed the losses at around $200 million, but subsequent analysis by crypto security firm CertiK indicated that the figure had exceeded $280 million (₹2,350 crore), involving multiple tokens including stablecoins and tokenized bitcoin.
FCRF Launches Premier CISO Certification Amid Rising Demand for Cybersecurity Leadership
CertiK described the incident as the largest security breach recorded this year, a claim later confirmed by Drift. The firm also noted that funds were actively being moved or laundered, with significant amounts traced to specific wallets.
Funds Movement and Exploit Mechanics Under Scrutiny
According to Lookonchain, more than $270 million worth of crypto assets were swapped into the USD Coin stable coin, with indications that the funds could be further converted into ethereum. Analysts reported that the attacker obtained two of the five required signatures needed to approve a multisignature transaction.
Drift explained that the attack involved a combination of pre-signed durable nonce transactions and compromised approvals from multiple multisignature signers. The breach was likely facilitated through targeted social engineering or misrepresentation of transaction details.
Further analysis suggested that the exploiter initiated changes in the multisignature setup, gaining administrative control. One of the original signers transitioned into a new configuration, where only one carried over from the previous setup, allowing rapid execution of transactions under a reduced approval threshold.
Security Concerns and Timeline of Events
Blockchain intelligence experts noted that Drift had introduced a new multisignature system shortly before the attack, requiring more than one signature. However, not all previous signers were included in the updated structure. The wallet was reportedly configured with a two-out-of-five threshold and no delay mechanism, enabling immediate execution of approved transactions.
Independent researchers observed that the attacker’s initial funding transactions occurred roughly 12 hours before a Drift-related event held on March 25. This has raised questions about potential operational security lapses, including the possibility of compromised systems or physical access points.
Data from PeckShield indicates that March saw 20 major crypto security incidents resulting in $52 million in losses, significantly lower than the Drift breach alone. The scale and method of the attack have intensified scrutiny over security practices in decentralized finance platforms.
