Drift, a decentralized finance platform built on the Solana blockchain, has confirmed a security incident that resulted in approximately $280 million in cryptocurrency being withdrawn from its systems, according to company statements and security reports.
The incident occurred on April 1, 2026, when a malicious actor gained unauthorized access to the platform. Drift stated that the attack involved a rapid takeover of administrative controls linked to its security council, which oversees key protocol operations.
According to the company, the attack was carried out using a method that involved pre-approved transactions and delayed execution mechanisms. These transactions allowed the attacker to bypass normal safeguards and execute withdrawals once control had been established. The company stated that the activity was not caused by a flaw in its smart contracts but instead related to unauthorized or misrepresented approvals obtained before execution.
The breach affected funds held across several parts of the platform, including lending pools, vaults, and trading balances. Drift confirmed that the attacker was able to remove withdrawal limits after gaining control, which enabled the large-scale transfer of assets.
The preparation for the attack reportedly began days before execution. Drift indicated that the attacker used previously signed transactions that could be triggered later, allowing the final stage of the exploit to occur quickly once access had been secured.
Security researchers have linked the activity to techniques commonly used in previous cryptocurrency thefts. Multiple firms reported indicators consistent with operations attributed to North Korea, although official confirmation of attribution remains ongoing.
Following the incident, Drift suspended certain platform functions, including deposits and withdrawals, while it worked to contain the breach and prevent further losses. External security firms have been engaged to investigate the attack and assist with recovery efforts.
The company stated that it is coordinating with exchanges, blockchain monitoring services, and law enforcement agencies in an effort to trace and potentially freeze the stolen assets. The investigation remains ongoing, and further details are expected to be released as analysis continues.