Solana's Drift Protocol suffered a $285 million drain on April 1, 2026, via a fake token and governance hijack. Attackers exploited a durable nonce vulnerability to seize administrative control, bypassing security protocols. The breach, attributed to North Korean-linked actors by TRM Labs and Elliptic, leveraged social engineering to trick signers into pre-approving malicious transactions. CVT token—a fictitious asset with 750 million units—was seeded on Raydium to manipulate oracles, creating a false price history.

Drift’s zero-timelock Security Council migration accelerated the attack, enabling rapid fund extraction. Stolen assets were converted to USDC and bridged to Ethereum, netting 129,066 ETH. The exploit erased half of Drift’s $550 million TVL, triggering a 40% drop in its native token.

Experts warn this highlights vulnerabilities in human-centric governance systems, not just code.