![\"solana\"](\"https:\/\/www.newsbtc.com\/wp-content\/uploads\/2026\/04\/Captura-de-pantalla-2026-04-02-a-las-11.55.34-a.-m.png?w=860&resize=860%2C271\")
<\/p>\nSolana-based Drift Protocol has suffered the largest exploit of 2026 to date, losing nearly $300 million in a \u201chighly sophisticated operation\u201d that has raised concerns about the growing threat of human-targeted attacks in the crypto space.<\/p>\n
On Wednesday, Solana-based decentralized exchange (DEX) Drift Protocol was the victim of an exploit that stole hundreds of millions of dollars from its vaults. After online reports flagged unusual on-chain activity yesterday afternoon, Drift\u2019s official channels confirmed the attack, quickly suspending deposits and withdrawals.<\/p>\n
<\/p>\n
According to reports, the attack lasted less than 20 minutes and stole around $285 million in multiple assets, including USDC, JPL, USDT, JUP, USDS, WBTC, and WETH, from nearly 20 vaults. This marks the largest crypto exploit of 2026 to date, and one of the largest hacks in the industry, just above WazirX\u2019s $235 million hack.<\/p>\n
The hack wiped out half of the Solana-based project\u2019s total value locked (TVL), which fell from roughly $550 million to $252 million, per DeFiLlama data. Drift protocol\u2019s token, DRIFT, also plunged, retracing nearly 40% over the past 24 hours.<\/p>\n
Within hours, the exploiter had swapped $270.9 million into USDC, bridged them from Solana to Ethereum via the CCTP TokenMessengerMinterV2, and purchased 129,000 ETH, splitting them across multiple wallets.<\/p>\n
In a Thursday post, Drift shared<\/a> the details of the incident, affirming that \u201ca malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift\u2019s Security Council administrative powers.\u201d<\/p>\n Solana\u2019s durable nonces are an advanced mechanism that allows transactions to bypass the typical short expiration date of regular transactions. This enables users to pre-sign transactions for future execution, offline signing, or complex multisig workflows.<\/p>\n \u201cThis was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution,\u201d the post continued.<\/p>\n The Solana-based DEX emphasized that the exploit was not the result of a bug in Drift\u2019s programs or smart contracts, noting that they found no evidence of compromised see phrases either.<\/p>\n \u201cThe attack involved unauthorized or misrepresented transaction approvals obtained prior to execution, likely facilitated through durable nonce mechanisms and sophisticated social engineering,\u201d the project underscored.<\/p>\n Lily Liu, President of the Solana Foundation, addressed<\/a> the incident, asserting that it is a blow to the whole Solana ecosystem. Liu pointed out that \u201cSmart contracts held up. The real targets now are humans: social engineering and opsec weaknesses more than code exploits.\u201d<\/p>\nMalicious Actors Targeting Humans, Not Smart Contracts<\/h2>\n
![\"Solana,](\"https:\/\/www.newsbtc.com\/wp-content\/uploads\/2026\/04\/SOLUSDT_2026-04-02_09-43-23.png?w=860&resize=860%2C527\")
<\/p>\n","protected":false},"excerpt":{"rendered":"