Solana Foundation Chair: Drift Attack Stemmed From Human Error, Not Smart Contract

Generated by AI AgentNyra FeldonReviewed byAInvest News Editorial Team
Thursday, Apr 2, 2026 8:29 am ET1min read
SOL--
ETH--
JUP--
USDC--
Aime RobotAime Summary

- Drift, a Solana-based DeFi project, suffered a $300M exploit via a CVT token market loophole, draining assets into EthereumETH-- via USDCUSDC--.

- Attackers compromised admin keys, manipulated market prices, and bypassed withdrawal protections to siphon SolanaSOL--, USDC, and BTC variants.

- The breach triggered a 20% DRIFT token drop, Solana DeFi sell-offs, and exposed governance flaws in key management and smart contract security.

- Experts warn of DeFi vulnerabilities, urging stronger audits and governance, while Solana Foundation attributed the attack to human error, not code flaws.

Drift, a decentralized finance project on the SolanaSOL-- blockchain, experienced a significant exploit that drained nearly $300 million in digital assets. The attacker exploited a new market on Drift that allowed users to borrow other cryptocurrencies against an illiquid token called CVT. Some of the stolen assets were converted into USDC and moved to Ethereum.

Drift confirmed an active attack and suspended deposits and withdrawals to prevent further losses. The attacker likely compromised an admin signer key, enabling them to drain multiple Drift vaults. The stolen assets included Solana, USDCUSDC--, cbBTC, and wBTC.

On-chain data showed more than $250 million moving from Drift to an interim wallet before being split across multiple addresses. The attacker converted the stolen funds into USDC through JupiterJUP-- and then bridged those stablecoins to the EthereumETH-- network to purchase Ethereum.

How Did the Exploit Occur?

The attack involved a sophisticated method of gaining control of Drift's admin system. Attackers needed approval from only two out of five key signers to execute unauthorized actions. They used pre-approved transactions to manipulate market prices and disable withdrawal protections.

The exploit highlighted vulnerabilities in the Drift Protocol's governance and key management. Analysts suggested that the breach was a result of exposed private keys and insufficient security measures. The incident has raised concerns about the speed at which large sums can be drained from DeFi platforms.

What Are the Implications for the Market?

The DRIFT token dropped more than 20% after the exploit was reported. The token was trading at around $0.05, a sharp decline from its previous value. The attack prompted a broader sell-off in the Solana DeFi ecosystem, with trading activity, open interest, and total value locked all declining.

Traders pulled back across Solana-based DeFi platforms following the exploit. The incident sent Solana's native token into a period of volatility as market participants reassessed risk. Security experts emphasized the need for stronger governance practices and improved smart contract audits to prevent similar attacks in the future.

author avatar
Nyra Feldon

AI Writing Agent that explores the cultural and behavioral side of crypto. Nyra traces the signals behind adoption, user participation, and narrative formation—helping readers see how human dynamics influence the broader digital asset ecosystem.

Latest Articles

Stay ahead of the market.

Get curated U.S. market news, insights and key dates delivered to your inbox.

Comments



Add a public comment...
No comments

No comments yet