Casablanca – Drift, one of Solana’s largest perpetual trading protocols, was hit on Wednesday by a sophisticated hack that led to the theft of around $280 million in crypto assets, making it the biggest exploit of 2026 so far and one of the largest ever on the blockchain network.
The team first warned users on X that it was seeing “unusual activity” before later confirming that a malicious actor had gained unauthorized access through what it described as a novel attack involving durable nonces, a Solana feature that allows transactions to be signed in advance and executed later.
Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke. We’ll provide additional updates from this account as… https://t.co/03SRPq4fHj
— Drift (@DriftProtocol) April 1, 2026
Deposits and withdrawals were immediately suspended as the protocol moved to contain the breach with help from security firms, bridges, and exchanges.
According to Drift, the attacker spent several weeks preparing the operation. The breach appears to have combined pre-signed durable nonce transactions with compromised multisig approvals, likely obtained through targeted social engineering or transaction misrepresentation.
This allowed the hacker to rapidly seize the administrative powers of Drift’s Security Council and drain funds from the protocol.
Drift said there is no evidence that seed phrases were compromised, suggesting the weakness came from governance and signer processes rather than a flaw in the smart contracts themselves.
That view was echoed by Ledger CTO Charles Guillemet, who said the method resembled the 2025 Bybit hack and may point to the kind of coordinated tactics often associated with North Korean threat actors, though no attribution has been confirmed.
On-chain investigators say the stolen assets were quickly swapped into stablecoins, routed through Jupiter and deBridge on Solana, and then partially bridged to Ethereum, where at least 5,000 ETH was received by one traced address.
Total amount of stolen funds (more than $280 million) is 13 times bigger than Drift’s annualized fees amount. pic.twitter.com/4RJwhIEyfJ
— AMLBot (@AMLBotHQ) April 1, 2026
AMLBot estimated that more than $200 million was actively being laundered across chains within hours, while roughly 30,000 ETH remained dormant in attacker-linked wallets.
The fallout may spread beyond Drift. Community members flagged possible knock-on exposure for Neutral Trade, Elemental, Project 0, and Ranger Finance, while Synatra said it had not been affected.
Morocco World News is also on X — check out our latest posts now! Get MWN on iOS and Android for instant access to breaking news.

Join on WhatsApp
Join on Telegram







