Drift Protocol hack: DPRK-linked admin takeover drains $285M via fake CVT
The Drift Protocol hack hit Solana DeFi on Apr 1, 2026, draining about $285M—over 50% of Drift’s TVL. Later reporting said the attacker activity is consistent with DPRK-linked groups, though formal attribution is still pending.
Unlike a typical smart-contract exploit, the Drift Protocol hack was driven by governance and privileged access. Attackers reportedly spent months building trust, then abused Solana “durable nonces” to induce Security Council members to sign pre-authorized admin transactions. Drift also moved to a 2/5 multisig with a zero-timelock, shrinking the intervention window.
With admin control, attackers whitelisted an artificially priced, worthless fake collateral token (CVT). They injected 500M CVT and withdrew real assets, including USDC and SOL, plus ETH and other tokens. Reported drains included USDC (~$71.4M), JLP (~$159.3M), cbBTC (~$11.3M), USDT, USDS, WETH, dSOL, WBTC, FARTCOIN, and JitoSOL. The withdrawal and drain flow ran for roughly 2.5 hours, followed by swapping and bridging off Solana.
Ripple effects spread across the ecosystem: at least 20 Solana protocols reportedly paused or saw losses due to composability risk. As of early Apr 3, no confirmed full reimbursement plan was public.
For traders, the key signal in the Drift Protocol hack is that operational and governance compromise can cause a fast, broad liquidity shock—often wider than isolated token volatility. Expect short-term volatility pressure on DRIFT, and heightened risk controls across Solana derivatives until governance recovery and collateral integrity are fully clarified.
Bearish
The Drift Protocol hack centers on governance/admin compromise and fake collateral injection, which typically triggers an immediate credibility and liquidity crisis. That undermines market confidence in Drift’s risk controls and collateral pricing integrity, increasing the probability of further losses, delistings/pauses, or extended uncertainty. Even if technical recovery happens later, traders usually price in governance-risk overhang first—pushing the affected token (DRIFT) toward downside pressure in the short term. Over the longer term, the market may stabilize only after verifiable governance hardening, oracle/collateral safeguards, and a credible user-compensation pathway are confirmed.