Drift Protocol Says ‘Active Attack’ as Suspicious Outflows Top $270M

Drift Protocol halted deposits and withdrawals after reporting unusual activity. The situation later escalated into what the team described as an active attack. This added fresh pressure to Solana’s DeFi sector as losses were still being assessed on April 2, 2026. The Drift Protocol hack quickly became one of the biggest crypto security incidents of the year. Public estimates range from more than $200 million to roughly $285 million.

The platform first warned users on April 1, 2026, not to deposit funds. It said the alert was not an April Fools’ joke. It later confirmed that deposits and withdrawals had been suspended. The team coordinated with security firms, bridges, and exchanges to contain the incident. As of the latest public updates, Drift had not published a full postmortem. It also had not confirmed a final loss figure.

Loss estimates remain unsettled

A key issue in the early coverage is that the damage estimate is still moving. Early alerts pointed to a possible nine-figure exploit. Later assessments placed the suspected losses closer to $270-$285 million.

That means the cleanest framing is not to lock in one exact number too early. What is confirmed is that Drift publicly acknowledged an active attack. Outside observers also traced very large outflows from the protocol during the incident. On-chain tracking linked the transfers to a wallet beginning with HkGz4K. The protocol itself has not fully validated every public claim at the time of writing.

Market fallout hits DRIFT

The market response was immediate. The DRIFT token fell sharply after the attack became public. Some estimates put the decline at more than 40%, depending on the measurement window. That drop reflects both the direct shock of the incident and investor concern over how much of the protocol’s liquidity and user confidence can be restored.

For retail readers, the price move matters because token declines often signal broader uncertainty. It is not just the fear due to one stolen wallet. When a major DeFi platform freezes core functions during a crisis, traders start pricing in legal, technical, and reputational damage. This often happens before the full facts are available. That pattern has played out repeatedly across past crypto exploits. Drift now appears to be facing the same pressure.

Response questions widen beyond Drift

The Drift Protocol hack has also widened into a second debate about how crypto infrastructure firms respond once stolen funds begin moving across chains. Blockchain investigator ZachXBT criticized Circle, arguing that millions in USDC moved from Solana to Ethereum for hours without intervention.

That criticism may keep the story alive even after the exploit itself is better understood. In practice, the issue is no longer only whether Drift’s defenses failed. It also includes whether major service providers moved fast enough once the attack was visible on-chain. This could shift attention from a single protocol breach to a wider discussion about the limits of real-time containment in decentralized finance.

>>> Read more: BlockFills Bankruptcy: Crypto Trading Firm Files Chapter 11

What comes next

The next phase will depend on Drift’s forensic update, including whether the team can identify the exploit path, confirm the final loss amount, and explain what funds, if any, may be recoverable.

The exact exploit mechanism remains unconfirmed by Drift Protocol as of April 2, 2026. Preliminary on-chain analyses from firms like PeckShield and SlowMist point to compromised admin/multisig privileges, possibly via key leak or social engineering, allowing rapid vault drains, though these details await official verification.

Until then, the Drift Protocol hack stands as a reminder that even well-known DeFi platforms remain exposed to sudden operational shocks. Early reporting in fast-moving crypto incidents often mixes confirmed facts with still-unverified estimates.