Drift Protocol, a leading decentralized exchange on Solana, was hit by a $285 million exploit on April 1—one of the largest DeFi breaches in the network’s history. Notably, the attack was not caused by a smart contract flaw but by a compromised administrator key, highlighting serious risks tied to social engineering and operational security.
Blockchain investigators revealed that the attacker used the compromised admin key to manipulate the platform’s controls—listing a new asset, inflating withdrawal limits to extreme levels, and draining nearly 20 vaults in just 12 minutes across 31 transactions. A wide range of assets, including stablecoins and tokens, were siphoned off and partially converted into other cryptocurrencies.
Officials from the Solana Foundation emphasized that the breach was not due to any vulnerability in the blockchain or its smart contracts. Chair Lily Liu stated that “the real target of the attack is people,” pointing to social engineering tactics and failures in operational security. This view was echoed by Chief Product Officer Vibhu Norby, who described the incident as an isolated case rather than a systemic issue within Solana’s ecosystem.
The fallout was immediate. SOL dropped nearly 9% to an intraday low of $78.60, with its market capitalization falling to around $45.5 billion. The native DRIFT token also plunged as users rushed to withdraw funds and the platform temporarily halted deposits and withdrawals.
The impact extended beyond Drift. Cross-chain bridge Wormhole confirmed that while user funds remained safe, some Solana-based transfers could face delays due to heightened security checks triggered by the incident.
The breach underscores a growing trend in the crypto industry: the shift from code-based exploits to human-targeted attacks. Increasingly, high-value hacks stem from phishing, impersonation, and compromised access credentials rather than flaws in smart contracts.
Overall, the incident reinforces the need for stronger operational safeguards across DeFi platforms, as even robust code cannot prevent breaches stemming from compromised human access.
