A breach of Solana’s Drift Protocol, announced on April 1, 2026, has drained approximately $232 million from the DeFi platform and triggered a cascade of losses across 11 integrated protocols.
Blockchain security firms Elliptic and TRM Labs have linked the attack to North Korea’s Lazarus Group, the same organization behind the $1.4 billion Bybit hack and the Ronin bridge breach, citing distinctive wallet behavior and laundering patterns that match the group’s known tactics.
Drift Protocol Exploit Traced to Lazarus Group Tactics
New findings from blockchain security firms have intensified concerns surrounding the Drift protocol exploit. Investigations by Elliptic and TRM Labs suggest that the attackers employed a familiar pattern long associated with Lazarus Group operations.
According to Elliptic researchers, “The wallet behavior and laundering patterns strongly resemble Lazarus Group’s established methods.”
The Drift protocol exploit reportedly began with wallets funded via Tornado Cash, followed by rapid cross-chain bridging into Ethereum and eventual consolidation for mixing—hallmarks of North Korean cybercrime strategy.
Security experts say this level of sophistication reinforces fears that state-backed hackers are becoming increasingly dominant in DeFi exploits.
Drift Protocol Exploit Reveals Multisig Security Failure
One of the most alarming revelations about the Drift protocol exploit is how the attacker repeatedly compromised multisig wallets.
After Drift Protocol migrated control to a new set of Security Council members, the attacker breached the updated multisig within just three days.
Even more concerning, the exploiter had already prepared pre-signed malicious transactions on March 31—one day before the attack was executed.
“This wasn’t a one-off breach; it was a coordinated and persistent infiltration,” noted analysts from DivergSec.
The Drift protocol exploit has therefore exposed critical weaknesses in governance and access control mechanisms, particularly the absence of a timelock for protocol-level changes.
Critics argue that this flaw enabled the attacker to drain liquidity instantly without giving the community time to respond.
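The effect of the missing timelock can be shown with a small model. This is an added illustration, not Drift's code: the signer names, the 3-of-5 threshold, the 48-hour delay, the "guardian" cancel role and the action string are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class Proposal:
    action: str
    queued_at: int            # seconds; when the approved action entered the queue
    cancelled: bool = False
    executed: bool = False

class TimelockedMultisig:
    """Toy governance executor: M-of-N approval plus a mandatory delay (hypothetical)."""
    def __init__(self, signers, threshold, delay_s, guardians):
        self.signers, self.threshold = set(signers), threshold
        self.delay_s, self.guardians = delay_s, set(guardians)
        self.proposals = []

    def queue(self, action, approvals, now):
        # Only approvals from current signers count toward the threshold.
        if len(set(approvals) & self.signers) < self.threshold:
            raise PermissionError("not enough valid approvals")
        self.proposals.append(Proposal(action, now))
        return len(self.proposals) - 1

    def cancel(self, pid, who):
        # An independent role can veto a queued action before it runs.
        if who not in self.guardians:
            raise PermissionError("not a guardian")
        if self.proposals[pid].executed:
            raise RuntimeError("already executed")
        self.proposals[pid].cancelled = True

    def execute(self, pid, now):
        p = self.proposals[pid]
        if p.cancelled:
            return "rejected: cancelled"
        if p.executed:
            return "rejected: already executed"
        if now < p.queued_at + self.delay_s:
            return "rejected: timelock active"
        p.executed = True
        return "executed"

def simulate(delay_s):
    """Pre-approved drain is submitted at t=0; defenders veto only if it has not run."""
    ms = TimelockedMultisig({"s1", "s2", "s3", "s4", "s5"}, 3, delay_s, {"guardian"})
    pid = ms.queue("withdraw_all_vaults", {"s1", "s2", "s3"}, now=0)  # constructed input
    first = ms.execute(pid, now=0)           # immediate execution attempt
    if first != "executed":
        ms.cancel(pid, "guardian")           # reaction window exists only with a delay
    return first, ms.execute(pid, now=delay_s + 1)
```

With a zero delay the approved action runs in the same instant it is submitted. A timelock does not stop signer compromise; it only helps if queued actions are monitored and the cancel authority is held separately from the compromised signers.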
Drift Protocol Exploit Sparks Insider Concerns
As the investigation deepens, the Drift protocol exploit has sparked speculation about possible insider involvement or internal compromise.
Drift Protocol confirmed that it has identified key wallets holding stolen funds and has sent direct messages to the attackers. In a statement, the team said, “We have uncovered critical information regarding the entities involved.”
While the project stopped short of naming suspects, the precision of the Drift protocol exploit has fueled community concerns about infiltration at some level.
Drift Protocol Exploit Spreads Contagion Across DeFi
The Drift protocol exploit has not remained isolated. Instead, it has triggered a ripple effect across the Solana DeFi ecosystem.
Drift’s total value locked (TVL) plunged from over $550 million to approximately $232 million following the breach. Several protocols integrated with Drift have suffered losses, frozen funds, or severe liquidity disruptions.
Among the hardest hit:
- Reflect Money experienced disruptions to its USD+ yield farming
- DeFi Carrot lost nearly 50% of its TVL
- Ranger Finance faced exposure via rUSD
- PiggybankFi reported a $106,000 loss
Other projects, including Pyra and XPlace, were also affected, with some losing all funds allocated to Drift-based strategies.
In total, at least 11 protocols have been directly impacted by the Drift protocol exploit, underscoring how interconnected DeFi systems can amplify risk.
Despite the chaos caused by the Drift protocol exploit, Solana’s native token showed resilience. SOL briefly dipped following news of the attack but quickly recovered above the $80 mark.
However, analysts warn that price stability does not reflect the deeper structural damage caused by the exploit.
“The reputational hit to DeFi lending protocols is far more significant than short-term price movements,” said a TRM Labs analyst.
Drift Protocol Exploit Highlights Rising DeFi Risks
The Drift protocol exploit is part of a worrying trend in 2026, in which increasingly sophisticated attacks are targeting decentralized finance platforms.
So far this year, at least 35 DeFi protocols have been exploited, with total losses reaching approximately $453 million.
Elliptic noted in its latest report, “Organized threat actors are scaling operations, making DeFi an increasingly attractive and vulnerable target.”
The Drift protocol exploit reinforces the harsh reality that DeFi, while innovative, remains a high-risk environment—particularly for yield-seeking investors.
Drift Protocol Exploit: A Wake-Up Call for DeFi Security
Ultimately, the Drift protocol exploit serves as a stark reminder that security must evolve alongside innovation.
From multisig vulnerabilities to cross-protocol contagion, the incident highlights systemic weaknesses that cannot be ignored.
As investigations continue and funds are tracked, the industry faces a defining moment: adapt quickly or risk further erosion of trust.
For now, the Drift protocol exploit stands as one of the most significant DeFi security breaches of the year—and a warning sign of what’s to come.