The Drift Protocol hack on Solana has escalated into a broader incident affecting the wider ecosystem. Initial reports estimated losses at around $270–$286 million, with the figure commonly cited near $285 million.
Attackers gained unauthorized access to Drift’s administrative controls, a Solana-based perpetual futures and DeFi platform via a sophisticated method involving durable nonces—a legitimate feature for pre-signing transactions. This allowed them to bypass multisig security and drain funds from multiple vaults including JLP Delta Neutral, SOL Super Staking, and BTC Super Staking in a rapid operation.
The exploit did not stem from a smart contract bug but from compromised administrative permissions, possibly enabled by social engineering or prior setup of transactions. Stolen assets included significant amounts of USDC, along with other tokens that were quickly swapped via Jupiter DEX.
Register for Tekedia Mini-MBA edition 20 (June 8 – Sept 5, 2026).
Register for Tekedia AI in Business Masterclass.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab.
Drift immediately suspended deposits and withdrawals and coordinated with security firms, bridges, and exchanges. Durable nonces are a legitimate feature on the Solana blockchain designed to solve a specific limitation of how transactions work on the network.
They provide flexibility for offline signing, complex multisig approvals, hardware wallets, and institutional workflows—but they also introduce significant security considerations, as highlighted by the recent Drift Protocol incident. Every Solana transaction must include a recent blockhash (a unique identifier from a recent block on the chain).
This serves two main purposes: Replay protection: It makes each transaction unique and prevents the same transaction from being submitted multiple times (double-spending or replay attacks). The blockhash expires after roughly 60–90 seconds or a short number of slots. If the signed transaction isn’t submitted and confirmed within that window, it becomes invalid automatically.
This short lifespan acts as a built-in safety net: even if someone signs a risky or malicious-looking transaction, it can’t linger indefinitely and be executed later when conditions change. Durable nonces also called durable transaction nonces replace the expiring recent blockhash with a persistent, one-time-use value stored in a special on-chain nonce account.
Blockchain analytics firm Elliptic has flagged on-chain patterns consistent with North Korean state-linked actors (DPRK), which would mark this as the 18th such incident tracked in 2026, pushing DPRK-related losses over $300 million for the year so far.
Fallout Spreading to 20 Protocols
What started as a single-protocol incident has rippled outward due to the highly composable and interconnected nature of Solana DeFi; shared liquidity pools, strategies, and dependencies. Data from SolanaFloor shows the number of affected protocols has grown from an initial ~11 to at least 20.
Newly impacted protocols include: Prime Numbers Fi losses reportedly exceeding $10 million. PiggyBank, Perena, Vectis, Valeo, Amp Pay, Loopscale, Gauntlet ~$6.4 million estimated impact in some reports, Exponent And others such as Project 0, Carrot, Ranger, Reflect, Elemental, Neutral Trade, Pyra, Fuse, and XPlace.
Many have paused withdrawals, borrowing, or other functions while assessing exposure and conducting security reviews. Some are exploring reimbursements for users. The total ecosystem impact remains centered on Drift but highlights systemic risks: protocols relying on Drift’s liquidity, vaults, or related strategies faced secondary losses or temporary halts.
No full chain-wide contagion has materialized yet, but confidence has taken a hit. DRIFT token crashed sharply, reports of 37–41% drops and hit record lows. SOL saw downward pressure ~4%+ declines in some 24-hour windows amid the news. Criticism has emerged around response times, including Circle’s handling of stolen USDC which was not frozen promptly despite the ability to do so in some cases and questions about centralized elements in decentralized governance.
Drift sent on-chain messages to attacker-linked wallets, and investigations continue with no major recoveries reported ~48 hours post-exploit. This event underscores ongoing DeFi challenges: even without code vulnerabilities, human and administrative layers and cross-protocol dependencies can create single points of failure. It ranks among the largest DeFi exploits of 2026 and the bigger ones on Solana historically.
The situation is still developing—on-chain monitoring via PeckShield, Cyvers, SolanaFloor shows the impact was expanding. Users with exposure to affected protocols should monitor official updates, and the broader community is watching for any further ripple effects or recovery efforts.