Security Incidents

Gate News, April 2, Wormhole issued an official response to the attack on Drift, stating that Wormhole users’ assets are not currently at risk and that the cross-chain bridge functionality can still be used normally. However, due to the built-in security mechanisms configured for Solana, some cross-chain transfers may experience delays. Wormhole’s core contributors have been in communication with the Solana ecosystem team and will continue providing support as needed.

Loopscale’s declaration is not directly related to Drift. Most funds are secure, with some indirect exposure. Deposits in the SOL Genesis Vault will fully reimburse users; deposit and withdrawal functionality is temporarily disabled, and will be reopened once services are restored.

Decentralized exchange Drift Protocol was hacked on April 2, resulting in losses of up to $280 million, becoming one of the largest DeFi security incidents in the Solana ecosystem. The attacker exploited a multisig vulnerability to obtain administrator keys and quickly transferred assets. Drift has paused deposits and withdrawals and has promised to continue updating the incident investigation. Security experts noted that this incident highlights the risks of high-privilege key management for DeFi protocols, urging stronger security measures to protect users’ assets.

Trust Wallet’s Discord short link was hijacked and points to a malicious phishing server. Users should immediately stop clicking the relevant links and wait for official confirmation that they are safe. The newly released address poisoning protection feature can actively screen for potential scam addresses. Since 2025, Trust Wallet has faced multiple security challenges, so users need to take precautions.

Drift Protocol draws attention after a hacking incident. The DRIFT token plunged 28% in a single day; the current price is only $0.049, down as much as 98% from its all-time high. The attacker stole $285 million after a private key leak and converted it into ETH; the service has been suspended. The incident has raised questions about the security of the Solana ecosystem, and the market is closely watching the follow-up compensation plan and investigation results.

SlowMist analyzed the Drift Protocol hack, pointing out that the core vulnerability was that the multisig mechanism change did not include a time lock. After the attacker gained administrator privileges, they systematically extracted assets by forging tokens, manipulating oracles, and disabling security modules, ultimately stealing about 105,969 ETH. ZachXBT criticized Circle for not freezing USDC in time during this process, which had a negative impact on the industry and sparked widespread discussion.

Drift Protocol suffered a major security incident on April 1, with losses exceeding $270 million, and TVL dropped sharply within 12 minutes. The investigation shows the attackers began deploying three weeks earlier, using forged tokens and an administrator key vulnerability to carry out manipulation, resulting in large-scale withdrawals of funds. The incident dealt a severe blow to market confidence, and Drift is seeking to recover the funds and strengthen its security protections.

Drift Protocol was hacked on April 1, when attackers stole about $285 million in assets, setting the record for the largest loss in DeFi security incidents in 2026. The hackers quickly converted funds to ETH and split up storage, increasing the difficulty of recovery. The industry is currently pessimistic about the likelihood of funds being recovered. This incident will intensify regulatory pressure on the DeFi industry and force developers to strengthen smart contract security.

The founder of SlowMist, Yu Xuan, disclosed that the Drift Protocol theft incident was caused by its migration to a 2-of-5 multisig scheme without a timelock, which enabled the attacker to quickly seize control of permissions and resulted in losses of over $200 million. He urged DeFi project teams to regularly review risks, and users need to pay attention to the protocol’s risk of capital loss.

ZachXBT criticized Circle for not taking action in the Drift hacking incident, with millions of USDC moved from Solana to Ethereum. Circle has frozen part of its hot wallets, but progress has been slow to resume. He says Circle is a bad actor in the industry.

Gate News, April 2, Unitas Protocol, a yield generation protocol, released a statement saying it was not affected by the Drift Protocol attack incident. Unitas Protocol has no exposure on Drift; all collateral is safe; all strategies (including the JLP Delta-neutral strategy) are running normally, and user funds are secure. Collateral can be accessed via Accountable and Primus

On April 2, an on-chain analyst disclosed that the Drift protocol vault was attacked. The attacker obtained funds via NEAR Intents 8 days earlier, remained inactive until receiving a large amount of assets, then moved the funds to multiple KYC-verified money-laundering addresses and transferred them to Ethereum via Wormhole, involving Tornado Cash.

On April 2, on-chain monitoring firm PeckShield warned that HyperEVM could face a major outage, with blocks and transactions coming to a halt, impacting users’ transaction confirmations and smart contract interactions. The official status page, however, shows “All Systems Operational,” reflecting insufficient monitoring of HyperEVM layer conditions. This outage exposed issues with the new mainnet’s early stability; the specific causes are pending an official announcement.

Bitcoin (BTC) dipped in the short term to $67,600. The U.S. Department of the Treasury launched a small consultation on regulatory guidance for stablecoins under the “GENIUS Act,” and the CFTC Chair said he is ready to regulate the entire crypto market. Amid market developments, spot Bitcoin inflows are slightly higher than outflows, and the CFTC and the SEC have signed an agreement to coordinate digital asset regulation.

Drift Protocol was attacked on April 2, and about $220 million to $270 million in assets were transferred, causing its TVL to fall to $255 million. The attacker moved some funds to Ethereum and performed swaps, and a statement from the Jupiter platform said it was not affected. Security organizations warned that after the attack, the native token faced prolonged downward pressure, and the future outlook for the DRIFT token needs to be carefully assessed. The investigation is still ongoing.

Gate News message. On April 2, according to monitoring by ZachXBT, Trust Wallet’s Discord short link discord.gg/trustwallet has been hijacked and is currently pointing to a phishing server. Users should avoid joining that Discord via links provided through official channels (including the website, Telegram, blogs, etc.).

Jupiter on X confirmed it was not affected by the Drift security incident. Jupiter Lend is not related to the Drift market, and JLP is fully backed by underlying assets. Drift Protocol suffered a security incident, with losses totaling between $200 million and $270 million, half of which was stolen JLP assets.

Gate News report: On April 2, Galaxy Digital (GLXY) recently experienced a cybersecurity incident. Hackers carried out unauthorized access to its isolated R&D work area. The company stated that the affected environment is solely used for research and development and is completely isolated from core infrastructure, production systems, trading platforms, and customer accounts. The loss amount is less than $10,000, and customer funds and data were not impacted. Galaxy Digital responded swiftly, completing the lockdown and reinforcement of the compromised work area, and deploying additional security measures at the on-chain infrastructure layer.

Drift Protocol has suspended all deposits due to a significant security breach, with over $270 million drained from the platform. This incident is marked as one of the largest hacks in decentralized finance, making Drift the second-largest Solana exploit in history.