$285 million drained in 12 minutes. That's what happened to Drift Protocol on April 1st, and no, it wasn't a joke. The largest DeFi hack of 2026 just hit Solana's biggest perpetual futures exchange, and the way it was pulled off is something every crypto user needs to understand.
This wasn't a smart contract bug. Auditors had reviewed Drift's code as recently as February 2026 and found nothing. The attack was a governance hijack. The attackers spent weeks preparing, tricked multisig signers into pre-approving hidden transactions using Solana's durable nonce feature, created a completely fake token called CarbonVote with just a few thousand dollars in seeded liquidity, manipulated Drift's oracles into treating it as legitimate collateral worth hundreds of millions, and then drained nearly 20 vaults in a single sweep. The DRIFT token crashed over 40%. TVL got cut in half. A dozen other Solana protocols paused operations just from the shockwaves.
TRM Labs and Elliptic both believe this has North Korea's fingerprints on it, the same group behind last year's $1.4 billion Bybit hack. The laundering moved even faster than it did after Bybit. Most of the stolen funds are already sitting across four Ethereum wallets holding roughly 129,000 ETH.
The Solana Foundation's own president said it best: smart contracts held up. The real targets now are humans. Social engineering and operational security failures, not broken code. That's the new threat model for DeFi in 2026 and honestly it's scarier because no audit can fully protect against it.
What do you think: can DeFi governance ever be truly safe against this kind of attack? Drop your thoughts below.