Drift Protocol on Solana Suffers Major Security Breach, Estimated Losses Reach $270 Million

Deep News04-02

The decentralized finance (DeFi) protocol Drift, built on the Solana blockchain, has been compromised in a hack resulting in a minimum loss of $200 million, according to on-chain data. Some estimates indicate the total losses could be approximately $270 million.

Drift announced on social media platform X: "We have observed unusual activity on the protocol and are currently investigating. Please refrain from depositing funds into the protocol during the investigation. This is not an April Fool's joke. Please proceed with caution until further notice."

Based on the Rekt leaderboard, this incident is set to become one of the largest on-chain cryptocurrency hacks to date. It may also rank as the most significant attack within the Solana ecosystem, second only to the $326 million Wormhole bridge exploit.

The attack has been ongoing for over two hours and appears to have targeted multiple Drift vaults, including JLP Delta Neutral, SOL Super Staking, and BTC Super Staking.

Data from SolScan reveals one substantial transaction involving 41.7 million JLP tokens, valued at roughly $155 million. Additionally, significant withdrawals of assets such as SOL, USDC, cbBTC, and wBTC have been identified.

Lookonchain reported that the attacker has begun utilizing Jupiter, a DEX aggregator on Solana, to convert the stolen assets into USDC. These stablecoins are subsequently being bridged to the Ethereum network to purchase ETH. As of 17:45 UTC, the hacker's wallet held 19,913 ETH, worth approximately $42 million.

Drift Protocol is a decentralized, open-source trading platform constructed on Solana and is considered a core component of the ecosystem, particularly in the perpetual futures trading sector. Data from DeFi Llama shows its total value locked (TVL) exceeds $550 million.

The primary hacker address, beginning with "HkGz4Kmo," appears to have been created eight days ago. It initiated trading on OKX and the Jupiter DEX before becoming inactive, only resuming activity 18 hours ago, according to SolScan data.

Drift has stated that further updates will be provided via its official X account.

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Comments

We need your insight to fill this gap
Leave a comment