Solana DeFi Exchange Drift Protocol Exploited, Upwards of $285 Million Stolen

Solana-based decentralized exchange Drift Protocol is actively experiencing an exploit that has led to the theft of more than $200 million in funds, on-chain data shows. 

The protocol, which is primarily used to trade perpetual futures, has paused deposits and withdrawals amid the attack. 

“Drift Protocol is experiencing an active attack,” it posted on X around 3:00 p.m. ET on Wednesday. “Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke,” the company posted.

Reports of suspicious activity began around two hours earlier, when users noticed large sums being transferred from the Drift Protocol vault to a Solana address beginning with “HkGz4K.” 

The account’s first transfer took place around 11:06 a.m., when roughly 41 million JLP tokens valued at $155 million were transferred from the Drift Vault to “HkGz4K.” Shortly thereafter, millions more in various crypto tokens were transferred to the attacker and ultimately distributed to other wallets. 

The address, which was first funded with 1 SOL last week, may have had access to the potential exploit since that time, having received a small transfer from the Drift Vault valued at around $2.52, according to on-chain data from Solana block explorer, Solscan. 

After Wednesday’s exploits, total transfers from the protocol to the attacker’s address add up to more than $250 million, according to data from blockchain analytics firm Arkham Intelligence. 

Estimates from PeckShield Alerts indicate that as much as $285 million may have been exploited. 

Drift Protocol has not yet identified the cause of the exploit, but on-chain researchers and security experts have suggested it may be the result of an exposed private key, which allowed the attacker to compromise admin functionality and impact the vaults. In other words, human error and not a technical one.

Jiang Xuxian, founder of blockchain security firm PeckShield, told Decrypt that attack relied on gaining privileged access to Drift’s protocol.

“The admin keys behind Drift were definitely leaked or compromised,” he said.



Drift, which had $550 million in total value locked, according to DefiLlama, has been connected to other firms in the Solana ecosystem thanks to the wide array of assets available on its platform and its DeFi capabilities.

Some, like publicly traded Solana treasury firms Forward Industries and DeFi Development Corp, have indicated that their treasuries were not impacted by the exploit. 

Other Solana-based infrastructure firms, like wallet provider Phantom, have implemented warnings to users who may be trying to access the Drift Protocol while investigations are ongoing.

Drift’s native token, DRIFT, is down nearly 28% on the day, recently changing hands around $0.049. The token has fallen more than 98% from its November 2024 all-time high of $2.60.

Additional reporting by André Beganski