The Solana-based Drift defi perpetual futures exchange was exploited for $285 million. The project alerted the community on social media, writing: “Drift Protocol is experiencing an active attack. … This is not an April Fools joke.“The project later described the exploit as “a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers.” Once the attacker had access to admin capabilities, they quickly eliminated risk management limits on the protocol and drained huge quantities of tokens, which they swapped to USDC and then ETH. The attack was attributed to extremely sophisticated social engineering, likely by North Korean hackers.Some have criticized USDC’s issuer, Circle, for not freezing the stolen funds during the six hours they were held in USDC. Unlike ETH, USDC is controlled by a centralized company that can, and regularly does, freeze assets determined to have been stolen or connected to illicit activity.The theft is among the largest in defi history.

Total loss estimated at $285,000,000.