A banner across the top of Drift’s website said late Thursday: “Drift is being paused until further notice due to irregular activity in the protocol.”
Drift said Wednesday (April 1) that it is experiencing an active attack and has suspended deposits and withdrawals.
“We are coordinating with multiple security firms, bridges and exchanges to contain the incident,” the company said in a Wednesday post on X that remained pinned atop its posts late Thursday. “This is not an April Fools joke.”
In another Wednesday post on X, Drift said that a malicious actor gained unauthorized access to Drift Protocol and took over Drift’s Security Council administrative powers.
“This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution,” the firm said in the post.
In another Wednesday post on X, Drift said the attack also involved the “compromise of multiple multisig singers’ approvals, likely through targeted social engineering or transaction misrepresentation.”
The Financial Times reported Thursday that Drift is the largest perpetual futures exchange on the Solana blockchain. The FT described perpetual futures as derivative contracts that have no expiration and are used by cryptocurrency traders to speculate on asset prices.
The report said the hackers who attacked Drift stole $280 million from the exchange, which amounted to about half the total U.S. dollar value on deposit with it.
Bloomberg reported Wednesday that the amount of cryptocurrencies involved, as determined by blockchain data analysts, could make this one of the biggest hacks in crypto’s history.
The hacker likely exploited a new market on Drift that lets users borrow other cryptocurrencies against an illiquid token called CVT, the Bloomberg report said, citing Xuxian Jiang, a researcher at blockchain security company PeckShield.
Blockchain data platform Chainalysis reported in December that during the first roughly eight months of 2025, from January through early September, crypto thefts totaled $3.4 billion. The company added that nearly half that total come from the February 2025 compromise of the Bybit crypto exchange.