Drift, the largest perpetual futures exchange on the Solana blockchain, was hacked on Wednesday, April 1st, losing $280 million — roughly half of all customer funds held on the platform. The company described it as “a highly sophisticated operation that appears to have involved multi-week preparation and staged execution.” Customer funds have been frozen while Drift works to contain the damage. Neither Drift nor the Solana Foundation responded to requests for comment.
The tactics used bear a close resemblance to last year’s attack on crypto exchange Bybit, where North Korean hackers stole $1.5 billion. In this case, hackers appear to have manipulated individuals with access to key wallets to seize control of the protocol, a method known in the industry as social engineering, and one that no amount of smart contract auditing can fully defend against.
The Market Being Targeted Is Booming
Drift operates in the perpetual futures market – derivative contracts with no expiration date that allow traders to speculate on asset prices, often with borrowed money to amplify potential gains. These products have exploded in popularity within decentralised finance, a lightly regulated segment of the crypto market where users trade directly through blockchain-based protocols rather than traditional intermediaries.
The scale of growth is significant. On Hyperliquid, one of Drift’s main competitors, trading volumes grew 420% to $2.93 trillion in 2025, according to data from DefiLlama. Hyperliquid and similar platforms now offer perpetuals on commodities including oil and metals, trading around the clock. Weekend trading on Hyperliquid has risen sharply since the Iran war began, as retail traders look for ways to gain exposure to oil price movements while traditional exchanges like CME and ICE are closed. “Inevitably, people want to trade,” said Mike Cahill, CEO of Douro Labs.
Crypto perpetuals are not yet authorised for trading in the United States, though the newest chair of the US derivatives regulator has announced plans to approve them in the coming weeks.
Drift Hack Arrived at the Worst Possible Moment — Or the Most Predictable One
In crypto, the largest attacks rarely happen in quiet markets. They happen when volumes are surging, attention is elsewhere, and platforms are scaling faster than their security can keep up. The $280 million Drift hack fits that pattern precisely—it struck the leading exchange in one of the fastest-growing segments of decentralised finance at a moment when the Iran war was driving a new wave of retail traders onto these platforms to trade oil risks over the weekend.
The more uncomfortable truth is that the attack vector — manipulating people with privileged wallet access — is familiar, mundane, and relatively easy to execute against teams that are growing quickly and operating under pressure. It is the same method used against Bybit. The industry has known about it. The losses keep coming anyway.
The timing of the US regulatory approval for crypto perpetuals adds another layer of difficulty here. Regulators will now consider whether to bring these products into a formal oversight framework against the backdrop of a $280 million theft from the market’s largest platform. That is not an argument against regulation — if anything, it is an argument for it. But it will complicate and likely slow the process at exactly the moment the market was hoping for clarity.
