A significant security incident has hit the Solana-based decentralized exchange Drift Protocol, resulting in the theft of upwards of $200 million, with some estimates indicating that as much as $285 million has been compromised. The protocol, which specializes in perpetual futures trading, has suspended both deposits and withdrawals in light of the ongoing investigation.
On-chain data reveals that the initial alarming activity was detected around 11:06 a.m. ET, when approximately 41 million JLP tokens, valued at $155 million, were transferred from the Drift Vault to a Solana address identified as “HkGz4K.” This transfer was just the beginning, as subsequent transactions quickly escalated, leading to millions of dollars in various cryptocurrencies being funneled to the attacker, who subsequently distributed the stolen assets to other wallets.
The suspicious Solana address that initiated the transfers appears to have been activated recently, receiving only a nominal amount before the exploit. Information from the Solana block explorer, Solscan, showed that this address first received a small deposit of 1 SOL a week prior, hinting at a potential preparation for the exploit.
As of now, the total transfers from Drift Protocol to the attacker’s address reportedly exceed $250 million, according to blockchain analytics firm Arkham Intelligence. Security experts have suggested that a leaked private key may be the root cause of this devastating breach, allowing the intruder to gain privileged access to administrative functionalities within the protocol.
Jiang Xuxian, founder of the blockchain security firm PeckShield, confirmed that the attack was predicated on compromised admin keys. “The admin keys behind Drift were definitely leaked or compromised,” he stated, emphasizing that the breach seems to stem from human error rather than a technological flaw.
Drift Protocol’s total value locked was approximately $550 million prior to the incident, exposing the platform’s significant connections within the broader Solana ecosystem. Some entities operating within the ecosystem, such as Forward Industries and DeFi Development Corp, have reported that their treasury holdings remain unaffected by the exploit. Conversely, other firms, including wallet provider Phantom, have issued advisories to their users to avoid accessing Drift Protocol until the situation is thoroughly assessed.
Following the exploit, Drift’s native token, DRIFT, has plummeted nearly 28% in value and is currently trading around $0.049. This marks an astonishing drop of over 98% from its all-time high of $2.60 reached in November 2024.
The situation continues to unfold as Drift Protocol works in coordination with multiple security firms, bridges, and exchanges to contain the impact of the incident and will provide further updates to the community as they become available.
