Drift Protocol suffered a massive exploit. Losses are now estimated at a staggering $285 million. The Drift Protocol hack drained the treasury within an hour. Vault assets collapsed from $309 million to just $41 million. 

Here’s how it went down. The attacker compromised an admin private key the so-called “god key.” Then, they moved roughly 41 million JLP tokens worth $155 million in the first transaction. USDC, SOL, cbBTC, and other assets followed quickly.  Interestingly, the same treasury was emptied during Drift v1 back in 2022, which cost $14.5 million.  Now, the same scenario just repeated at a much larger scale.

Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke. We’ll provide additional updates from this account as… https://t.co/03SRPq4fHj

— Drift (@DriftProtocol) April 1, 2026

ZachXBT Calls Out Circle for “Incompetence”

Meanwhile, on-chain sleuth ZachXBT dropped a bombshell. He publicly slammed Circle for its slow response during the exploit. 

Here’s the kicker: millions of stolen USDC moved from Solana to Ethereum for hours via Circle’s own Cross-Chain Transfer Protocol (CCTP). Circle validated every single transfer but took no action, all while it happened during U.S. business hours.  ZachXBT called it “incompetent and harmful to the industry.” 

Circle was asleep while many millions of USDC was swapped via CCTP from Solana to Ethereum for hours from the 9 figure Drift hack during US hours.

Value was moved and nothing was done yet again.

Comes days after you froze 16+ business hot wallets incompetently which is still… pic.twitter.com/T0Xwg1HIfO

— ZachXBT (@zachxbt) April 2, 2026

The criticism stings even more because Circle had just frozen 16 business hot wallets days earlier in a separate civil case.  Why freeze those, but not the funds from a nine-figure hack? That double standard is fueling serious trust concerns around USDC.

DRIFT Token Crashes as Market Bleeds

Unsurprisingly, the Drift Protocol hack crushed the native token. DRIFT is trading around $0.041, a brutal 37% drop in 24 hours.  Trading volume spiked nearly 355%, but that’s mostly panic selling.  Market cap is down to $23 million. 

Shadow Contagion Is the Real Threat

Here’s what many miss. PeckShield reports that March saw 20 major hacks with $52 million in losses, a 96% jump from February.  Worse, the “shadow contagion” effect is spreading. A single exploit can trigger bad debt across multiple connected DeFi protocols.  This Drift incident could easily ripple outward.

#PeckShieldAlert In March 2026, the crypto space saw 20 major hacks totaling $52M – a 96% MoM surge from February ($26.5M). But the real damage lies in the "Shadow Contagion".#Tophacks:
– @ResolvLabs ($USR) De-peg: An AWS KMS breach enabled an 80M USR "infinite mint" (~$25M… pic.twitter.com/huohE79th6

— PeckShieldAlert (@PeckShieldAlert) April 1, 2026

 

My Thoughts

This is bigger than just another hack. The admin key compromise exposes a fundamental flaw in DeFi’s security model. We keep talking about decentralization, but a single compromised private key can still empty an entire treasury. That’s not trust-minimized, it’s trust-delegated to whoever holds the keys.

ZachXBT’s Circle critique is the real alpha here. Circle validated every CCTP transfer, had the technical ability to freeze, but stayed silent for hours. Yet days earlier, they froze 16 business wallets tied to a sealed civil case.  The inconsistency is alarming. If USDC can freeze funds selectively, the “decentralized” label starts to crack.

For traders: expect more volatility in Solana ecosystem tokens. The shadow contagion risk is real. Keep stop-losses tight, and maybe diversify stablecoin exposure. This is a wake-up call.