Drift Protocol, one of the largest decentralized perpetual futures exchanges on Solana, confirmed an "active attack" on April 1 after onchain analysts detected over $200 million in suspicious outflows from its vaults.

How It Unfolded

Onchain monitoring firms Lookonchain and Peckshield first flagged the unusual activity around 1:30 PM ET. Approximately 980,000 SOL was drained from multiple Drift vaults and funneled to a single wallet, which then executed swaps through the Jupiter aggregator.

"We are observing unusual activity on the protocol. This is not an April Fools joke," Drift wrote on X, urging users to halt all deposits immediately. The team later confirmed it was "coordinating with multiple security firms, bridges and exchanges to contain the incident."

Market Fallout

The DRIFT token dropped over 20% in the hours following the exploit, falling from approximately $0.072 to $0.055. The token had already declined roughly 98% from its all-time high before this incident.

Helius CEO Mert Mumtaz, whose company provides key Solana infrastructure, added to concerns by posting that Drift "might be getting exploited." Circle, the USDC issuer, was reportedly alerted, suggesting stablecoins may be among the stolen assets.

No Root Cause Confirmed

The exact exploit vector remains unknown. Analysts have not ruled out a smart contract vulnerability, compromised private keys, or oracle manipulation. Drift had held approximately $550 million in total value locked before the attack.

Users with funds on Drift are advised to revoke wallet approvals tied to the protocol and avoid any new interactions until an official post-mortem is published.