Solana's Biggest Hack Since Wormhole: $270M Drained From Drift Protocol in Minutes
$270M gone. Not an April Fools joke. The attacker is still bridging funds.
At approximately 4:00 PM UTC on April 1, 2026, Drift Protocol — Solana’s flagship perpetuals and spot DEX — was hit with the largest exploit in the Solana ecosystem since the $325M Wormhole bridge hack in 2022. Between $270M and $285M drained in minutes, and the funds are actively moving right now.
Drift’s own team confirmed it with an almost surreal message: “This is not an April Fools joke.”
What Happened
On-chain investigators Lookonchain and PeckShield flagged suspicious activity originating from Drift’s vaults beginning around 1:30 PM ET. The attack started with a transfer of approximately $155M in JLP tokens from a Drift vault.
Within hours, the attacker’s wallet (HkGz4KmoZ7Zmk7HN6ndJ31UJ1qZ2qgwQxgVqQwovpZES) had converted stolen assets to USDC and began bridging from Solana to Ethereum at scale:
- By 17:49 UTC: 19,913 ETH (~$42.6M) purchased
- By 18:17 UTC: 38,820 ETH (~$82.66M) accumulated
- Additional SOL routed through HyperLiquid and direct deposits to Binance
The exploit vector is still unconfirmed — Drift’s team is investigating smart contract vulnerabilities, oracle manipulation, and potentially compromised private keys. No official post-mortem yet.
Drift suspended all deposits and withdrawals immediately. The DRIFT token dropped 20%+ from its intraday high of $0.071.
The Scale of This
The $270M–$285M figure represents roughly 50% of Drift’s total value locked wiped in a single attack. That makes this:
- The largest DeFi exploit of 2026 by a wide margin
- The largest Solana ecosystem hack since Wormhole ($325M, February 2022)
- One of the top 10 DeFi exploits of all time
For context: Drift had been one of the DeFi success stories of the current bull cycle, processing billions in derivatives volume and seen as a serious competitor to Hyperliquid and GMX.
Why This Matters for Crypto Jobs
Events like this reshape hiring across the entire industry — fast.
Immediate demand surge:
- Smart contract auditors — firms like Trail of Bits, Halborn, Zellic, and Ottersec will see inbound spike. If you have audit experience, now is the time to be visible.
- On-chain forensics / blockchain analytics — Chainalysis, TRM Labs, and Elliptic will be engaged by Drift and likely by law enforcement. These firms hire aggressively after major exploits.
- Security engineers — every DeFi protocol watching this is quietly reviewing their own codebase right now. Expect a wave of job postings over the next 2–4 weeks.
Longer-term shifts:
- Institutional allocators will demand stronger security guarantees before committing capital to DeFi. Protocols that can demonstrate rigorous auditing and formal verification will win that capital — and will hire to maintain that standard.
- Solana-native security talent is especially scarce. If you have Rust + Solana program audit experience, you are currently very employable.
What gets cut:
- Protocols directly impacted may face team restructuring or shutdown. Community/marketing roles at Drift are at risk depending on the recovery trajectory.
What Happens Next
Drift has not announced a recovery plan or compensation mechanism yet. The attacker is still actively moving funds across chains, which narrows the window for any coordinated freeze response.
The industry will be watching how this is handled — post-exploit recovery (see: Euler Finance’s $197M hack and negotiated return in 2023) has become a template, but it requires the attacker to be willing to negotiate.
For now: do not deposit into Drift. The team’s official guidance stands.
Sources: Bloomberg, DL News, CoinDesk, Bitcoin News, PeckShield on-chain analysis. Figures unaudited and subject to revision as the post-mortem develops.
Looking for your next role in crypto security, DeFi engineering, or blockchain analytics? Browse open positions at cryptogrind.com — the job board built for Web3 builders.
