PIF Research Labs / Investigations / Drift Protocol
The Drift Protocol Exploit
$285M drained in 10 seconds. 57,000+ wallets and counting. Every number explained.
Status
Active: Bots Still Running
Date
April 1, 2026, 16:06 UTC
Amount
$285,000,000+ estimated extracted
Chain
Solana Ethereum BSC
Attacker
HkGz4KmoZ7...pZES
Tags
Admin Key Exploit Fake Oracle Fake Collateral Active Laundering
The Numbers: What They Actually Mean
Every number below was pulled directly from the Solana blockchain. Here's each number and why it matters:
$285M+
Total extracted
The total value of all assets stolen from Drift Protocol's lending vaults: 18 different token types including USDC, JLP, wrapped Bitcoin, ETH, SOL derivatives, and more.
10 sec
Core drain time
From first withdrawal (41.72M JLP at 16:06:09) to last primary withdrawal (2,200 wETH at 16:06:19). The major vaults were emptied in the time it takes to send a text.
$23.3M/s
Drain rate
$233M ÷ 10 seconds. The attacker extracted twenty-three million dollars every second. The average US household earns about $1/sec. This was 23 million times that.
57,331
Unique wallets
Automated bots scattered the stolen funds across 57,331 separate wallet addresses to make it nearly impossible to trace and recover. This number is still growing.
861,457
Total transactions
Every time money moves between wallets, that's one transaction on the blockchain, one footprint investigators must follow. 861,457 footprints going in every direction. That's the defense.
~590/min
Current bot rate
Right now, automated bots are executing ~590 money-moving transactions every minute, about 10 per second. They've been running nonstop for 34+ hours, creating new wallets and burying the trail deeper every second.
129,066 ETH
Purchased on Ethereum
The attacker bridged $463M USDC via Circle CCTP to Ethereum and accumulated 129,066 ETH (~$225M). Why? USDC can be frozen by Circle. ETH cannot be frozen by anyone. Converting to ETH puts the money beyond reach, like converting marked bills into gold no bank can seize.
$66.7M
USDC unmoved
$66.7M in USDC sitting in one wallet (8ubo4HbW...) for 34+ hours. Circle can freeze it by blacklisting the address. Every minute they don't is a minute the attacker could convert it to unfrozen ETH.
99.9997%
JLP vault drained
41.7 million JLP tokens reduced to 133 remaining. If the vault were a bank with $41.7M in deposits, the attacker left $12.50 on the counter and walked out with the rest.
The $1 Rehearsal: March 24, 2026
What happened
Eight days before the exploit, the attacker created a brand-new wallet and ran what looks like a meaningless sequence of micro-transactions. Fractions of a cent. Dust amounts. 61 transactions in 29 minutes. Total cost: less than $1. Nobody noticed. Nobody had any reason to notice. But every single transaction had a purpose.
61
Transactions
Each one created a "token account", a receiving address for a specific token type on Solana.
18
Unique destinations
DEX routers, token programs, and intermediary wallets that the heist would need to interact with
<$1
Total cost
The entire rehearsal (all 61 transactions, all 7 token types) cost less than one dollar combined.
Why they did this
On Solana, a wallet can't receive a token it's never held before unless it has an "Associated Token Account" (ATA) for that specific token type. Think of it like mailboxes: if you want to receive mail, you need a mailbox. If you want to receive 7 different types of mail, you need 7 different mailboxes. The attacker was building mailboxes, one for every token type they planned to steal from Drift's vaults.
Here are the exact tokens they tested; each one matches a token held in Drift's vaults:
The intended outcome
When exploit day arrived, the wallet was pre-configured to receive every token type in Drift's vaults. Without this rehearsal, the withdrawals would have failed: you can't receive JLP if you don't have a JLP token account. The attacker spent less than $1 to build the infrastructure for a $285M heist. And because every transaction was under a penny, it triggered zero alerts, zero flags, and zero attention from anyone monitoring the chain.
After the rehearsal, the wallet went completely silent. Eight days of zero activity. No transactions. No movement. Nothing. Then on April 1 at 16:05 UTC, it woke up and drained a quarter billion dollars in ten seconds.
The Multisig Takeover
What happened
Drift Protocol's admin key, the master key that controls every setting in the protocol, was protected by a "multisig." A multisig is like a safe deposit box that requires multiple keys to open. Drift's new multisig required 2 out of 5 keyholders to approve any change. But the attacker didn't need to break the safe. They became the keyholders.
2 / 5
Multisig threshold
Only 2 out of 5 signers needed to approve. That means 3 signers could be completely unaware while 2 make changes.
0 sec
Timelock
A "timelock" is a mandatory waiting period between proposing a change and executing it. Zero seconds means instant execution: no review window, no time for anyone to notice and object.
4 / 5
New signers
4 of the 5 signers on the new multisig were brand-new addresses. Only one carried over from the old configuration. The access was effectively handed to unknown parties.
The intended outcome
Five hours before the exploit, the carryover signer proposed transferring the admin key. One of the new signers co-signed within one second. Two signatures met the 2/5 threshold. With zero timelock, it executed instantly. No other signer was consulted. No alert was triggered. The attacker now held the admin key that controlled $550 million in user funds. The vault wasn't broken into. The keys were handed over.
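The three weaknesses described in this section (a 2-of-5 quorum, a zero-second timelock, and a signer set where four of five keys are new) can be checked mechanically before a governance change is accepted. The following is an added example written for this page, not Drift's code or PIF's tooling; the `MultisigConfig` fields and the one-day review window are an assumed schema and an assumed policy, and the signer addresses are placeholders.

```python
"""Review a multisig admin configuration for a minority quorum, a missing
timelock, and a signer set where newly introduced keys alone can reach the
threshold. Added example; MultisigConfig is an assumed schema, not Drift's."""
from dataclasses import dataclass, field

MIN_REVIEW_WINDOW_SECONDS = 24 * 3600  # assumed policy: at least one day for humans to object


@dataclass
class MultisigConfig:
    threshold: int            # signatures required to execute a proposal
    signers: list[str]        # current signer addresses
    timelock_seconds: int     # delay between proposal and execution
    previous_signers: list[str] = field(default_factory=list)  # signer set before the change


def review_multisig(cfg: MultisigConfig) -> list[str]:
    """Return human-readable findings; an empty list means no policy violation."""
    findings = []
    n = len(cfg.signers)

    # A threshold at or below half the signers lets a minority act while the rest are never asked.
    if cfg.threshold * 2 <= n:
        findings.append(
            f"minority quorum: {cfg.threshold}/{n} can execute while "
            f"{n - cfg.threshold} signers are never consulted"
        )

    # No timelock means no review window between proposal and execution.
    if cfg.timelock_seconds == 0:
        findings.append("zero timelock: proposals execute instantly")
    elif cfg.timelock_seconds < MIN_REVIEW_WINDOW_SECONDS:
        findings.append(
            f"short timelock: {cfg.timelock_seconds}s is below the "
            f"{MIN_REVIEW_WINDOW_SECONDS}s review window"
        )

    # Signers absent from the previous configuration are unvetted keys; if enough of
    # them exist to meet the threshold on their own, control has changed hands.
    if cfg.previous_signers:
        new = [s for s in cfg.signers if s not in set(cfg.previous_signers)]
        if len(new) >= cfg.threshold:
            findings.append(
                f"signer turnover: {len(new)}/{n} signers are new and alone reach "
                f"the {cfg.threshold}-signature threshold"
            )
    return findings


# Constructed inputs mirroring the figures on the page (addresses are placeholders).
OLD_SIGNERS = ["old-1", "old-2", "old-3", "old-4", "old-5"]
TAKEOVER = MultisigConfig(threshold=2, signers=["old-1", "new-1", "new-2", "new-3", "new-4"],
                          timelock_seconds=0, previous_signers=OLD_SIGNERS)
HARDENED = MultisigConfig(threshold=3, signers=OLD_SIGNERS, timelock_seconds=48 * 3600,
                          previous_signers=OLD_SIGNERS)

if __name__ == "__main__":
    for label, cfg in (("takeover", TAKEOVER), ("hardened", HARDENED)):
        print(label, review_multisig(cfg) or ["ok"])
```

Run against the configuration the page describes, the check raises all three findings; against a 3-of-5 multisig with a 48-hour timelock and an unchanged signer set, it raises none. Any one of the three findings on an admin key is reason to block the proposal until a human has looked at it.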
The Durable Nonce: Pre-Loaded Bullets
What Drift confirmed
The attacker used "durable nonce" transactions. Normally on Solana, a transaction expires in about 90 seconds. If it doesn't get processed in that window, it dies. A durable nonce bypasses this. It creates a transaction that never expires. You can sign it today and execute it next week, next month, or at exactly 16:06 UTC on April 1.
~90 sec
Normal tx lifespan
A standard Solana transaction expires in roughly 90 seconds. If it isn't processed by then, it's dead. This is a safety feature.
Forever
Durable nonce lifespan
A durable nonce transaction never expires. Sign it on March 24, fire it on April 1. The blockchain doesn't know the difference.
8 days
Silence between rehearsal and exploit
The attacker wasn't waiting. They were done. Every transaction was pre-signed and sitting in a queue, ready to fire.
Why this matters
This is why there were eight days of silence after the rehearsal. The attacker wasn't waiting for the right moment. They were finished. During the rehearsal window (or shortly after), they pre-signed every exploit transaction: the admin key transfer, the fake market creation, the circuit breaker changes, every vault withdrawal. All of it was packaged, signed, and sitting in a queue like bullets in a magazine. When April 1 arrived, the attacker didn't manually execute each step. They triggered the sequence and the pre-signed transactions fired automatically, one after another, in perfect order. That's how you drain $233 million in 10 seconds. A human can't sign 8+ withdrawal transactions across 18 token types that fast. A pre-loaded sequence can.
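Both staging steps described on this page, the dust-funded token-account rehearsal and the pre-signed durable-nonce transactions, leave a signature on-chain that a monitor can look for: a fresh fee payer creating many Associated Token Accounts in a short window, and a transaction whose first instruction is the System Program's AdvanceNonceAccount (which is how a durable-nonce transaction is built on Solana) followed by a call into a privileged program. The scanner below is an added example written for this page, not PIF's or Drift's code. The transaction record shape (`fee_payer`, `ts`, `instructions`) is assumed rather than an RPC format, `PROTOCOL_PROGRAM_ID_PLACEHOLDER` stands in for the protocol's program id, and the sample records are constructed, not chain data.

```python
"""Scan transaction records for two pre-staging patterns: a fee payer creating
many Associated Token Accounts inside a short window, and a durable-nonce
transaction (first instruction = System Program AdvanceNonceAccount) that then
calls a privileged program. Added example; record shape and program
placeholder are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

SYSTEM_PROGRAM = "11111111111111111111111111111111"
ATA_PROGRAM = "ATokenGPvbdGVxr1b2hvZbsiqW5xWH25efTNsLJA8knL"
PRIVILEGED_PROGRAMS = {"PROTOCOL_PROGRAM_ID_PLACEHOLDER"}  # hypothetical protocol program id


def find_ata_staging(txs, min_creates=10, window=timedelta(hours=1)):
    """Fee payers that create >= min_creates ATAs inside `window`, with the mints they prepared."""
    by_payer = defaultdict(list)
    for tx in txs:
        for ix in tx["instructions"]:
            if ix["program"] == ATA_PROGRAM and ix["name"] == "Create":
                by_payer[tx["fee_payer"]].append((tx["ts"], ix["mint"]))
    alerts = []
    for payer, events in by_payer.items():
        events.sort()
        span = events[-1][0] - events[0][0]
        if len(events) >= min_creates and span <= window:
            alerts.append({"fee_payer": payer, "ata_creates": len(events),
                           "distinct_mints": len({m for _, m in events}),
                           "span_minutes": int(span.total_seconds() // 60)})
    return alerts


def find_durable_nonce_admin_txs(txs, privileged=PRIVILEGED_PROGRAMS):
    """Signatures of transactions that advance a nonce account and then touch a privileged program."""
    hits = []
    for tx in txs:
        ixs = tx["instructions"]
        if not ixs:
            continue
        uses_nonce = ixs[0]["program"] == SYSTEM_PROGRAM and ixs[0]["name"] == "AdvanceNonceAccount"
        if uses_nonce and any(ix["program"] in privileged for ix in ixs[1:]):
            hits.append(tx["signature"])
    return hits


def sample_transactions():
    """Constructed records, not chain data: 12 dust ATA creates over 29 minutes from one payer,
    one ordinary ATA create from another payer, and one durable-nonce admin transaction."""
    t0 = datetime(2026, 3, 24, 12, 0, 0)
    mints = ["JLP", "USDC", "cbBTC", "USDS", "dSOL", "wETH", "SOL"]
    txs = []
    for i in range(12):
        txs.append({"signature": f"rehearsal-{i}", "fee_payer": "STAGING_WALLET_PLACEHOLDER",
                    "ts": t0 + timedelta(minutes=29 * i / 11),
                    "instructions": [{"program": ATA_PROGRAM, "name": "Create",
                                      "mint": mints[i % len(mints)]}]})
    txs.append({"signature": "normal-1", "fee_payer": "ORDINARY_USER", "ts": t0,
                "instructions": [{"program": ATA_PROGRAM, "name": "Create", "mint": "USDC"}]})
    txs.append({"signature": "admin-1", "fee_payer": "ADMIN_SIGNER_PLACEHOLDER",
                "ts": t0 + timedelta(days=8),
                "instructions": [{"program": SYSTEM_PROGRAM, "name": "AdvanceNonceAccount"},
                                 {"program": "PROTOCOL_PROGRAM_ID_PLACEHOLDER", "name": "UpdateAdmin"}]})
    return txs


if __name__ == "__main__":
    print(find_ata_staging(sample_transactions()))
    print(find_durable_nonce_admin_txs(sample_transactions()))
```

Neither check is proof of an attack on its own: new users create ATAs, and durable nonces have legitimate uses for offline signing. The value is in the combination and the context, an unknown wallet preparing receive accounts for exactly the vault's token set, or an admin-level instruction arriving in a transaction that was signed some unknown time earlier.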
The attacker didn't just plan the heist. They rehearsed it, pre-built the infrastructure, pre-signed every transaction, and waited for the perfect moment to fire. Less than $1 to build the mailboxes. Zero seconds on the timelock. Eight days of patience. Then ten seconds to drain a quarter billion dollars.
The Weaponization: One Transaction, Two Weapons
What happened at 16:05:39 UTC
Twenty-five seconds before the first withdrawal, the attacker used the admin key to execute a single transaction containing two operations. Together, they turned Drift's own infrastructure into the weapon that would drain it.
Weapon 1: The Fake Collateral Market
The attacker created a brand new "Spot Market" inside Drift (Market #63) for CVT, the worthless token they minted 20 days earlier. They configured every parameter to maximize how much they could withdraw against fake collateral:
initial_asset_weight
100%
Every $1 of fake CVT deposited = $1 of real withdrawal power. Normal markets use 80-90%, meaning you can only borrow 80-90 cents per dollar of collateral. At 100%, there's zero safety buffer.
imf_factor
0
"Initial Margin Fraction" โ the penalty applied when a single position gets too large. At zero, the attacker could deposit the entire 500M CVT supply with no size-based reduction. No limit on how much fake collateral they could use.
liquidator_fee
0
This fee normally incentivizes third parties to close risky positions. At zero, nobody had any financial reason to liquidate the fake position; even if someone spotted it, there was no reward for acting on it.
asset_tier
Collateral
The highest tier in Drift's system. Full borrowing power. The attacker didn't set it to a lower tier with restrictions; they gave their worthless token the same status as USDC.
oracle_source
11 (SwitchboardOnDemand)
The "oracle" is what tells Drift the price of each asset. The attacker pointed this to a feed they controlled, so they could make CVT appear to be worth any price they wanted. On April 1, the oracle pushed 20 price updates valuing 500M worthless CVT at hundreds of millions of dollars.
name
"Default Market Name"
They didn't even bother naming the market. This tells you how confident they were that nobody would notice in time.
Weapon 2: Circuit Breakers Disabled
What is a circuit breaker?
A circuit breaker is a safety limit on how much value can leave a vault in a given period. Think of it like a fuse box in your house: if too much electricity flows too fast, the fuse blows and cuts the power, protecting the house from a fire. Drift's circuit breakers were designed to do the same for money: if too much value leaves a vault too fast, the breaker trips and blocks further withdrawals. This is specifically designed to prevent what happened: a massive, rapid drain. The attacker raised every breaker to a level so high it would never trigger.
What this means in plain language
The JLP vault's circuit breaker was set to trip at 5 billion units. The attacker raised it to 500 trillion, a 100,000x increase. The cbBTC breaker went up 50,000x. The wETH breaker went up 2,500x. Every breaker was raised to 500 trillion (the same ceiling), ensuring that no matter how much the attacker withdrew from any vault, nothing would trip. The safety system that existed specifically to prevent a mass drain was turned off, completely, in one transaction, with no delay, no review, and no alert. This was possible because the admin key had unrestricted permission to modify circuit breaker parameters. There was no "circuit breaker on the circuit breakers."
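Every parameter in the two weapons above is visible in the proposal before it executes, so a "circuit breaker on the circuit breakers" can be as simple as a linter that refuses a bundle containing a 100%-weight, zero-IMF, zero-liquidator-fee market or a guard raised by orders of magnitude. The code below is an added example for this page, not Drift's code or PIF's tooling. The field names follow the parameters quoted above; the policy limits (90% maximum weight, 10x maximum guard raise, an oracle allow-list) are assumptions, and the pre-change guard values are derived from the multipliers the page reports rather than read from the chain.

```python
"""Lint an admin parameter change before it executes: a new spot market with
no collateral haircut, and withdraw guards raised by orders of magnitude.
Added example; policy limits and the 'old' guard values are assumptions."""
from dataclasses import dataclass
from typing import Optional

MAX_SAFE_ASSET_WEIGHT = 0.90          # assumed policy: at least a 10% haircut on any collateral
MAX_GUARD_RAISE = 10.0                # assumed policy: >10x raise in one change needs review
APPROVED_ORACLE_SOURCES = {"Pyth"}    # assumed allow-list for this example


@dataclass
class SpotMarketParams:
    market_index: int
    name: str
    initial_asset_weight: float  # 1.0 means every $1 of collateral gives $1 of borrowing power
    imf_factor: float            # 0 disables size-based weight reduction
    liquidator_fee: float        # 0 removes the incentive to liquidate
    asset_tier: str
    oracle_source: str


def lint_spot_market(p: SpotMarketParams) -> list[str]:
    """Findings for a single new market; each string is one reason to hold the proposal."""
    f = []
    if p.initial_asset_weight > MAX_SAFE_ASSET_WEIGHT:
        f.append(f"market {p.market_index}: asset weight {p.initial_asset_weight:.0%} leaves no safety buffer")
    if p.imf_factor == 0:
        f.append(f"market {p.market_index}: imf_factor 0, position size never reduces collateral value")
    if p.liquidator_fee == 0:
        f.append(f"market {p.market_index}: liquidator_fee 0, nobody is paid to close a bad position")
    if p.asset_tier == "Collateral":
        f.append(f"market {p.market_index}: brand-new market given the top collateral tier")
    if p.oracle_source not in APPROVED_ORACLE_SOURCES:
        f.append(f"market {p.market_index}: oracle source {p.oracle_source!r} not on the approved list")
    if p.name.strip().lower() in {"", "default market name"}:
        f.append(f"market {p.market_index}: placeholder name {p.name!r}")
    return f


def lint_guard_change(market: str, old: int, new: int) -> Optional[str]:
    """Flag a withdraw guard raised by more than MAX_GUARD_RAISE in a single change."""
    ratio = new / old
    if ratio > MAX_GUARD_RAISE:
        return f"{market}: withdraw guard raised {ratio:,.0f}x ({old:,} -> {new:,})"
    return None


def lint_admin_change(markets, guard_changes) -> list[str]:
    """Lint a whole proposal: new markets plus (market, old_guard, new_guard) tuples."""
    findings = []
    for m in markets:
        findings.extend(lint_spot_market(m))
    for market, old, new in guard_changes:
        hit = lint_guard_change(market, old, new)
        if hit:
            findings.append(hit)
    if markets and guard_changes:
        findings.append("new market and guard changes bundled in one proposal; review them together")
    return findings


# Constructed to match the page: Market #63 parameters and the 500 trillion ceilings.
MARKET_63 = SpotMarketParams(63, "Default Market Name", 1.0, 0.0, 0.0, "Collateral", "SwitchboardOnDemand")
GUARD_CHANGES = [  # (market, old guard, new guard); old values derived from the page's multipliers
    ("JLP", 5_000_000_000, 500_000_000_000_000),
    ("cbBTC", 10_000_000_000, 500_000_000_000_000),
    ("wETH", 200_000_000_000, 500_000_000_000_000),
]

if __name__ == "__main__":
    for line in lint_admin_change([MARKET_63], GUARD_CHANGES):
        print(line)
```

On the page's inputs the linter produces ten findings; a proposal that trips any of them should require the timelock and the full signer set rather than two signatures and zero seconds.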
Both weapons, one transaction. The fake market creation and the circuit breaker modifications were bundled into a single on-chain transaction at 16:05:39 UTC. Twenty-five seconds later, the withdrawals began. The entire weaponization took less time than it takes to order coffee.
The Drain: 16:06:04 to 16:06:19 UTC
| Time (UTC) | Action | Value |
|---|---|---|
| 16:06:04 | Initialize user account on Drift | - |
| 16:06:07 | Deposit 500M CVT. Fake oracle values it at $100M+ | +500M CVT |
| 16:06:09 | Withdraw 41.72M JLP | ~$155M |
| 16:06:10 | Withdraw 51.6M USDC | $51.6M |
| 16:06:12 | Withdraw 164.35 cbBTC | ~$11.5M |
| 16:06:15 | Withdraw 4.26M USDS | $4.26M |
| 16:06:17 | Withdraw 45,292 dSOL | ~$6M |
| 16:06:19 | Withdraw 2,200 wETH (last primary withdrawal) | ~$4.7M |
Full sweep completed in 12 minutes across 18 token types. The JLP vault went from 41.7 million tokens to 133 remaining. That's 99.9997% drained.
What Are "Hops"? Follow the Rabbit
When investigators track stolen crypto, they follow money from wallet to wallet. Each jump is called a "hop." The more hops, the harder the chase, like a rabbit that keeps jumping and splitting into more rabbits. Here's what the attacker's rabbit did:
Origin
The attacker wallet. One rabbit. $285M. Easy to find โ it received money directly from Drift's vaults.
FIRST HOP
Hop-1
27 getaway wallets. The rabbit splits into 27 copies. Like 27 cars leaving the same garage. Still traceable โ one jump from the crime.
SECOND HOP: THIS IS WHERE IT EXPLODES
Hop-2
57,331+ wallets and climbing. Each green square = a real wallet. Investigators now chase 57,000+ addresses instead of 27. The sheer volume makes recovery nearly impossible.
Still multiplying at ~590/min right now.
CROSS-CHAIN: leaving the country
Bridge
Some rabbits cross the border. Funds bridged from Solana to Ethereum via Circle CCTP. 129,066 ETH purchased ($225M). Different blockchain = different tracking system. ETH can't be frozen by anyone.
The Multi-Token Mix
What they're doing and why
The attacker isn't moving just one type of token. They're pushing five different token types through the same wallet network simultaneously: USDC, Fartcoin, pump tokens, JPYC, and an unknown token. This is deliberate. Imagine laundering cash, gold coins, gift cards, foreign currency, and casino chips all through the same system at the same time. An investigator tracking the USDC trail might miss the Fartcoin moving through the same wallets. When multiple token types flow through one address, it becomes harder to prove which tokens are stolen and which are legitimate. The mix creates ambiguity, and ambiguity slows down enforcement.
| Token | Value | Transactions | Wallets |
|---|---|---|---|
| USDC | $202M | 257,730 | 30,362 |
| Pump Tokens | $286M* | 3,882 | 429 |
| Fartcoin | $18.1M | 13,279 | 2,142 |
| JPYC | $704K | 3,409 | 119 |
| Unknown | $248K | 5,703 | 223 |

*token units
The Concentration Points: Where the Loop Closes
What they're doing and why
After scattering money across 57,000 wallets, the bots don't leave it there. They funnel it back to a small number of collection wallets. Scattered dust is useless: you can't spend 57,000 wallets each holding $4,000. You need to reconsolidate to actually move money to an exchange, bridge it cross-chain, or convert it to ETH. But here's the key: some of the money flows back to the same bot that sent it out. The bot sends money to fresh wallets, those wallets forward it to collection points, the collection points feed it back to the bot, and the bot sends it out again to NEW wallets. Each cycle creates another layer of fake transaction history. This isn't a tree. It's a washing machine.
| Collection wallet | Amount | Sources | Transactions |
|---|---|---|---|
| 7s1da8Dd... | $87M | from 7 hop-2 wallets | 164 |
| Czfq3xZZ... | $21.7M | from 33 hop-2 wallets | 7,977 |
| 8ekCy2jH... (ITSELF) | $21M | from 37 hop-2 wallets | 66,356 |

MONEY RETURNS TO SENDER (the 8ekCy2jH... wallet)
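The hop count, the collection points and the "money returns to sender" loop above all fall out of one graph traversal: a breadth-first search from the origin wallet assigns each wallet its hop number, the in-degree from hop-2 wallets identifies the collection points, and any transfer whose receiver sits at an earlier hop than its sender is money flowing back toward the bot. The code below is an added example written for this page, not PIF's tracing tooling; the transfer graph is constructed (three hop-1 wallets instead of 27, a handful of hop-2 wallets instead of 57,000) so the shape of the washing machine is visible in a dozen edges.

```python
"""Trace hops through a constructed transfer graph: BFS distance from the
origin gives each wallet its hop number, in-degree from hop-2 wallets finds
the collection points, and edges pointing back to an earlier hop show funds
returning toward the sender. Added example; transfers are constructed."""
from collections import defaultdict, deque

# (sender, receiver, amount): constructed sample, not real addresses or values
TRANSFERS = [
    ("origin", "A", 100.0), ("origin", "B", 100.0), ("origin", "C", 100.0),
    ("A", "a1", 40.0), ("A", "a2", 30.0), ("A", "a3", 30.0),
    ("B", "b1", 50.0), ("B", "b2", 50.0),
    ("C", "c1", 100.0),
    ("a1", "X", 40.0), ("a2", "X", 30.0), ("b1", "X", 50.0),   # reconsolidation into X
    ("c1", "A", 100.0),                                        # back to a hop-1 wallet
]


def hop_levels(transfers, origin):
    """Hop number of every wallet reachable from origin (BFS; the first path found wins)."""
    out = defaultdict(list)
    for src, dst, _ in transfers:
        out[src].append(dst)
    level = {origin: 0}
    queue = deque([origin])
    while queue:
        node = queue.popleft()
        for nxt in out[node]:
            if nxt not in level:
                level[nxt] = level[node] + 1
                queue.append(nxt)
    return level


def wallets_per_hop(level):
    """How many wallets sit at each hop: the 1 -> 27 -> 57,331 fan-out on the page."""
    counts = defaultdict(int)
    for h in level.values():
        counts[h] += 1
    return dict(sorted(counts.items()))


def concentration_points(transfers, level, from_hop=2, min_sources=2):
    """Wallets receiving from at least min_sources distinct wallets at from_hop,
    as (wallet, source_count, total_received), largest first."""
    sources = defaultdict(set)
    amounts = defaultdict(float)
    for src, dst, amt in transfers:
        if level.get(src) == from_hop:
            sources[dst].add(src)
            amounts[dst] += amt
    rows = [(dst, len(s), amounts[dst]) for dst, s in sources.items() if len(s) >= min_sources]
    return sorted(rows, key=lambda r: -r[2])


def backward_flows(transfers, level):
    """Transfers whose receiver sits at an earlier hop than the sender: money heading back."""
    return [(src, dst, amt) for src, dst, amt in transfers
            if src in level and dst in level and level[dst] < level[src]]


if __name__ == "__main__":
    lv = hop_levels(TRANSFERS, "origin")
    print("wallets per hop:", wallets_per_hop(lv))
    print("collection points:", concentration_points(TRANSFERS, lv))
    print("returns to earlier hop:", backward_flows(TRANSFERS, lv))
```

On the sample graph, X is the collection point (three hop-2 sources, 120 units) and c1 -> A is the return edge that turns the tree into a loop. On real data the same three functions are what separate the 140 wallets worth chasing from the tens of thousands of dust addresses, because the collection points are where the value reconverges.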
How the Money Was Divided
The strategy
The attacker used a pyramid distribution: 140 wallets hold 72% of the total value ($147M), while 29,000+ wallets hold small amounts. The thousands of small wallets are camouflage: they look like normal crypto activity. The real money sits concentrated in the 140 wallets at the top. It's a needle-in-a-haystack strategy: hide 140 needles in 29,000 pieces of straw. If investigators can identify and freeze those 140 addresses, most of the money is recovered. But the bots keep adding more straw every minute.
Live Stats
What's happening right now
The laundering bots have been running for 34+ hours straight, with no pauses and no downtime. Every minute they run, ~590 new transactions scatter the money further. The window to recover funds shrinks with every second. The attacker is racing to convert the remaining $66.7M USDC before Circle freezes it. The bots are buying time.
57,331
Unique wallets
Every one holds stolen funds
861,457
Total transactions
Every one must be traced
~590
Txns per minute
Bots running 34+ hours
$66.7M
USDC sitting
Freezable. Clock ticking.
Why It Worked: Two Problems
The Math Problem
Every loop multiplies the trail. Send $1M to 1,000 wallets. Each forwards to 3 more: 3,000 wallets. Again: 9,000. Again: 27,000. After three loops through 57,000 wallets, the trail has millions of transactions. No team can trace them all before the money moves again.
The Time Problem
Every minute = more wallets, more noise. USDC can be frozen by Circle, but only before the attacker converts it. ETH cannot be frozen by anyone. The $225M already in ETH is beyond centralized recovery. The bots are buying time for the rest.
What's Still Recoverable
$66.7M USDC in wallet 8ubo4HbW..., unmoved for 34+ hours. Circle can blacklist this address and freeze the funds permanently. This is the largest recoverable chunk. Once it moves or converts to ETH, it's gone.
Still in attacker wallet: 100M pump token, 49M pump token, 41M JPYC (~$273K). All illiquid: too small to sell without crashing their price. Everything liquid is gone. The attacker took the cash and left the furniture.
The CCTP Pipeline: How $463M Left Solana
What they built
The attacker didn't use random bridges. They used Circle's own Cross-Chain Transfer Protocol (CCTP), the official bridge for moving USDC between blockchains. CCTP burns USDC on Solana and mints fresh USDC on Ethereum. The first CCTP burn happened at 16:05:17 UTC, 54 seconds BEFORE the first vault withdrawal. The bridge infrastructure was running before the heist even started. This is premeditation visible on-chain.
$397.9M
Burned via primary wallet
Wallet 41zCUJs burned $397.9M USDC via 23 CCTP burns between Apr 1 16:05 and Apr 2 13:33 UTC.
$65.1M
Burned via secondary
Wallet 8ubo4HbW burned $65.1M via 19 CCTP burns. Same pipeline, parallel path.
16:05:17
First CCTP burn
54 seconds before the first vault withdrawal. The exit route was live before the money was stolen.
Ethereum Side: Where the Money Landed
The other side of the bridge
Every USDC burned on Solana via CCTP gets minted as fresh USDC on Ethereum. The attacker had 7 Ethereum wallets waiting to receive. Once the USDC arrived, it was immediately swapped to ETH on DEXes. Three concentration wallets now hold 105,380 ETH (~$225M) with zero outbound transactions. The money is sitting. Waiting.
| ETH Wallet | USDC via CCTP | ETH Held | Status |
|---|---|---|---|
| 0x55fe...2a | $210.6M (22 mints) | DEX swaps | Active |
| 0xfcc4...66 | $63.1M (18 mints) | 32,994 ETH | Forwarded |
| 0xe69f...b8 | $60.0M (6 mints) | 12,000 ETH | Deposited to Binance |
| 0xad38...6b | $58.6M (26 mints) | 30,417 ETH | Forwarded |
| 0xef43...f4 | $51.9M (18 mints) | 24,970 ETH | Forwarded |
| 0xc106...7c | $21.3M | swapped | Active |
| 0xed41...2e | $9.4M | swapped | Active |
ETH Concentration Wallets: Still Holding
| Wallet | ETH Held | Value | Outbound |
|---|---|---|---|
| 0x0fe3b690... | 56,568 ETH | ~$121M | Zero outbound txns |
| 0xaa843ed6... | 25,715 ETH | ~$55M | Zero outbound txns |
| 0xbddae987... | 23,097 ETH | ~$49M | Zero outbound txns |
105,380 ETH (~$225M) sitting in three wallets with zero outbound transactions. These wallets received ETH from the CCTP pipeline and haven't moved it. ETH cannot be frozen by Circle or any centralized entity. This is the attacker's endgame: convert everything to unfreezable ETH and wait.
Confirmed CEX deposit: 12,000 ETH deposited to Binance hot wallet (0x28c6c06...) from wallet 0xe69f...b8 on Apr 2 at 08:39 UTC. The attacker is already cashing out through centralized exchanges.
Multi-Chain Operation
5+ chains. Simultaneously.
This isn't a single-chain exploit. The attacker is operating across Solana, Ethereum, BSC, Base, and at least two centralized exchanges (Binance, Coinbase) simultaneously. On BSC alone, wallet 0xe69f...b8 has been active since 8 minutes after the drain: 15 transactions across 7 token contracts. The laundering infrastructure spans the entire crypto ecosystem. Every chain adds another jurisdiction, another tracking system, another layer of complexity for investigators.
57,331
Solana wallets
Hop-2 dispersion network
861,457
Solana transactions
Still growing at ~590/min
7
ETH receiving wallets
$474M USDC minted via CCTP
5+
Chains active
SOL, ETH, BSC, Base, CEXes
The first heist stole the money. The second heist is stealing the trail. It's been running for 34 hours. It hasn't stopped.