Drift Protocol Hacked for $285 Million: Largest DeFi Hack of 2026 on Solana

An unknown hacker breached one of the largest perpetual DEXes on Solana - Drift Protocol. According to PeckShield, approximately $285 million in various assets was drained from the protocol. This is already the second-largest exploit in Solana history and the biggest DeFi hack of the year.

The attack started around 16:00–17:00 UTC. The hacker gained administrative access to the protocol (compromise of Security Council private keys, not a smart-contract bug). He quickly drained three main vaults:

• JLP Delta Neutral - the largest amount, roughly $155–160 million in JLP tokens;
• USDC - about $60–71 million;
• plus SOL, cbBTC, wBTC, and other liquid staking tokens from the SOL and BTC Super Staking vaults.

Drift’s total TVL crashed from $550 million to under $250 million in just a few hours. Funds are being actively withdrawn: part of the USDC was bridged via Circle CCTP to Ethereum and swapped into ETH and other assets. As of this publication, the attacker has already accumulated around 130,000 ETH ($266–277 million).

ZachXBT sharply criticized Circle for its slow reaction. He pointed out that the USDC issuer had at least 6 hours (during U.S. business hours) to freeze the stolen stablecoins on the hacker’s wallet, but did nothing.

“Circle was sleeping while millions in USDC left through their own bridge,” he wrote.

The fact that Circle has frozen wallets quickly in other cases only fueled community outrage.

The Drift team responded quickly: they posted a warning (“we are investigating anomalous activity, do not deposit”), paused deposits and withdrawals, and started coordinating with PeckShield, other security firms, exchanges, and bridges. A full post-mortem and compensation plan have not yet been released — the situation is still unfolding. Some analysts (Elliptic) have noted patterns typical of North Korea-linked attacks.

Market reaction to $DRIFT was chaotic:

• On most exchanges the token plunged 30–50% (hitting a low around $0.035).
• On the Korean exchange Bithumb in the KRW pair, however, it skyrocketed nearly 180% due to a temporary liquidity gap (deposit/withdrawal restrictions created arbitrage opportunities).

Degens and on-chain detectives are already actively tracking the stolen funds. Part of the loot has already been converted to ETH and spread across multiple addresses.

Drift is not the first project to fall victim to admin-key compromise rather than a code bug. This incident once again proves that even “decentralized” protocols remain vulnerable to human factors and multisig management.

The situation is still developing. Follow updates from @DriftProtocol and PeckShield, the team has promised to share new details as the investigation progresses. DeFi once again reminds us: security matters more than TVL and hype.