Solana Drift Protocol drained of $285M via fake token and governance hijack (anonhaven.com)

On April 1, 2026, Drift Protocol on Solana was drained of about $285 million after attackers used a fake token and governance takeover rather than a smart-contract bug. The exploit followed a multi-week preparation: the attackers seeded a small liquidity pool to manufacture collateral value, used durable nonces and social engineering to get Security Council signers to pre-approve transactions, then removed a timelock to execute admin actions quickly. Stolen assets were converted and moved off Solana via CCTP, with TRM Labs and other analysts attributing the operation to DPRK-linked hackers. The incident caused major knock-on losses across multiple DeFi platforms and sharply reduced Drift’s total value locked.