DeFi platform Drift has suspended deposits and withdrawals after losing millions of dollars in a crypto hack.
Editorial
This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.
The firm posted on X that it was investigating ‘unusual activity’ on the protocol, telling users that it was not an April Fool’s joke.
Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke. We’ll provide additional updates from this account as… https://t.co/03SRPq4fHj
— Drift (@DriftProtocol) April 1, 2026
Security researchers estimate losses at up to $240 million, blaming governance security as the chief vulnerability after the attcker infiltrated a multisig upgrade a week ago.
One independent researcher observed: “This isn’t a technical vulnerability, It’s a governance catastrophe. Drift’s smart contracts themselves were fine. The problem was:
• Multisig handoff process failure
• Handing the hacker a “master key”
• All subsequent operations were “legitimate” calls”
In summary: “The essence of the Drift hack = Unified Liquidity Pool (risk concentration) × Multisig Vulnerability (privilege loss) × Excessive Admin Privileges (no checks)”
“At the cost of $240 million, it sounds the alarm for the entire DeFi industry.”
