April 3, 2026
April Fools? April Loots
Solana Drift Protocol drained of $285M via fake token and governance hijack
Fake coin, no timelock, and a sleepy 'Security Council' — commenters want heads to roll
TLDR: Drift Protocol lost $285M after a governance hijack using a fake coin, with investigators pointing to North Korean tactics. Commenters are furious at the “Security Council,” split over whether Circle should’ve frozen funds, and debating if Drift can survive or if this is game over.
The internet is roasting Drift Protocol after a jaw‑dropping $285 million drain hit Solana’s biggest perp exchange in just 12 minutes — and it wasn’t a code bug, it was governance gone wild. Commenters are fuming at the “Security Council” that allegedly pre‑signed admin powers via a feature called durable nonces, then moved to a 2‑of‑5 setup with zero delay, letting a fake coin (CarbonVote Token) slide in as collateral and opening the floodgates. One incredulous voice asked, “Super power private keys… and no timelock?” while another went straight for the jugular: “CEO should serve prison time.” A chorus linked web3isgoinggreat.com with the energy of a meme dunk.
Allegations that the attack matches North Korean playbooks lit up the thread, but the bigger fight was over accountability: is Drift done, or do crypto projects bounce back from anything? “Is this the end?” feels like the mood. Then came the Circle pile‑on after ZachXBT blasted them for not freezing bridged USDC; half the crowd demanded corporate intervention, the other half argued “decentralized means don’t freeze.” Meanwhile, Lily Liu of the Solana Foundation dropped the line of the day: the smart contracts held, the humans didn’t. With TVL chopped in half and the DRIFT token down ~40%, the community is calling this an April Fools heist that wasn’t a joke — and demanding grown‑up security in DeFi.
Key Points
- •Attackers drained $285M from Solana-based Drift Protocol on April 1, 2026, via a governance hijack, not a smart contract exploit.
- •A fake token (CVT) was wash traded on Raydium to appear as valid collateral, and durable nonces plus social engineering enabled hidden authorizations.
- •Drift’s Security Council moved to a 2-of-5 configuration with zero timelock on March 27, removing a safeguard and facilitating rapid admin changes.
- •Stolen assets were converted to USDC/SOL, bridged via Circle’s CCTP to Ethereum, and consolidated into ~129,066 ETH; some SOL went to HyperLiquid and Binance.
- •TVL fell from ~$550M to $252M; DRIFT dropped ~40%; numerous DeFi protocols reported exposure, making it 2026’s largest DeFi hack and Solana’s second-largest ever.