During the night time period from April 1 to 2 in East Eight Zone Time, the leading DeFi protocol in the Solana ecosystem, Drift, suffered an unprecedented security blow. According to multiple statistics, this attack resulted in around 270 million dollars in asset loss or theft, including approximately 155.6 million dollars in JLP/JPL related positions and 11.3 million dollars in cbBTC stolen. The protocol's TVL plummeted from about 309 million dollars to around 41 million dollars. As an important perpetual contract and derivatives infrastructure on Solana, Drift has long been regarded as one of the "foundations of the ecosystem," and this night not only exposed security gaps within the protocol itself but was also referred to by the community and third parties as one of the most serious security incidents in Solana DeFi history, directly pushing the entire ecosystem's security narrative and trust foundation to the edge of a cliff.

TVL dropped from 300 million to 40 million: funding panic and liquidity vacuum

Before the attack occurred, the locked position of the Drift protocol stabilized at approximately 309 million dollars, making it one of the important liquidity pools in Solana DeFi. After the hacker attack was revealed, on-chain funds quickly responded with the most direct vote—by leaving: public data indicated that Drift's TVL crashed to approximately 41 million dollars, erasing over seventy percent of the locked position in a single event. This level of shrinkage is no longer ordinary market volatility but typifies "liquidity flight."

A deeper wound arises from structural losses. In this incident, the loss of JLP/JPL positions closely related to Drift amounted to about 155.6 million dollars, making it the most critical "black hole" on the balance sheet; at the same time, 11.3 million dollars in cbBTC was stolen, which further amplified the impact in terms of asset class and user structure—it's not just the market-making and leveraged positions that were harmed, but cross-asset exposures also took a severe hit.

From the user's perspective, this significant TVL drop means: pending orders suddenly thin out, depth is no longer reliable, large transactions start to tear prices apart, slippage skyrockets, and participants relying on Drift for risk hedging or high-frequency trading find themselves facing liquidity vacuums right when they need it most. Many users, even if their assets were not directly stolen, were forced to close positions or exchange at very poor prices in tense market conditions, resulting in losses that are hard to quantify.

The cliff drop in TVL not only impacts current liquidity but also directly weakens Drift's recovery capability in the future. The decrease in locked positions means available margins and market-making funds are sharply reduced, requiring the protocol to offer a higher risk premium to re-attract LPs and market makers—whether by increasing yields, providing incentives, or enhancing insurance, all result in higher costs and longer recovery periods. For many risk-averse funds, this incident has already changed their pricing approach towards Drift and the entire Solana DeFi ecosystem: high returns are no longer sufficient; more solid security and governance endorsement are needed.

270 million swept away: fractures in Drift's asset landscape

Regarding the total loss of around 270 million dollars, it is clear to see the asset landscape torn apart by this incident. Firstly, the JLP/JPL related positions closely bound to Drift incurred a loss of approximately 155.6 million dollars, which represents the core "chassis" of the protocol's liquidity and risk exposure, and directly correlates with trading depth, leverage capacity, and funding rate stability; secondly, 11.3 million dollars in cbBTC was stolen, which impacted the on-chain representation of BTC used across assets and scenarios, amplifying the market's psychological cracks regarding "whether BTC on Solana is safe."

From the risk exposure perspective, the losses in JLP/JPL positions are more reflected in the protocol design and liquidity pool level: this pool of funds bears functions such as market making, counterparty support, and leverage backing, and its risk exposure is highly tied to Drift's own mechanisms and security models. Moreover, the assets like cbBTC that were directly stolen were transferred out of the protocol environment through the attack path, representing a more intuitive "asset being emptied out," strongly felt by ordinary users.

In terms of risk tolerance levels, this incident clearly distinguishes several roles. The protocol's self-operated funds bear brand and systemic risk, and even if the absolute amount may not be the largest, it must back up the trust in the ecosystem; LP funds are directly exposed to position losses and TVL evaporation, faced not only with principal gaps but also with double pressure from uncertain future returns and vague compensation mechanisms; ordinary users may not all be on the list of stolen assets, but whether it’s price distortions, forced liquidations, or psychological shadows over future use of Drift, it all constitutes another form of "invisible loss." Beneath the roughly 270 million dollar line, every type of fund pays for the same incident in different ways.

Solana's darkest night? The critical point of ecological trust

Around this incident, the community and third-party data sources generally describe it as “one of the largest or second largest security incidents in Solana DeFi history” (market perspective), repeatedly emphasizing its rarity in terms of the magnitude of money, the breadth of affected users, and psychological impact. Compared to previous security and stability incidents that occurred on Solana, the uniqueness of this Drift attack lies in the fact that it directly hit the core infrastructure of the financial layer, rather than a peripheral application or single asset.

In terms of money, the approximate 270 million dollar loss has placed it in the top tier of large DeFi incidents in crypto history, making such a figure particularly striking for Solana, which takes high-performance chains and capital efficiency as selling points. In terms of the scope of impact, Drift is not an isolated tool but is embedded in a wide network of traders, market makers, and strategic funds as a derivatives hub; once something goes wrong, its impact path can quickly overflow into broader funding networks through leverage, LPs, and hedging chains.

On the psychological level, this incident reignited external concerns over the “whether high performance comes at the cost of safety” issue. For a long time, Solana has built a narrative of "capable of supporting high-frequency finance" with high TPS and low fees, but when a leading derivatives protocol on such a chain takes a heavy blow overnight, doubts converge in one direction: under rapid innovation and complex combinations, have permission management, risk isolation, and audit transparency kept pace? This is not a debate over a single point of failure, but rather a question: is Solana DeFi as a whole truly ready to handle hundreds of billions or even larger scale on-chain financial activities?

Jupiter hurriedly speaks out: JLP, Drift, and entangled user perceptions

Shortly after the event broke, another major liquidity and aggregation gateway in the Solana ecosystem, Jupiter, quickly spoke out on social media and within the community, emphasizing: “JLP assets are fully backed by underlying assets, and this incident is a tough moment for the Solana DeFi ecosystem” (according to A, C), and explicitly stating that its platform was not directly affected by the Drift theft incident (according to A). The urgency behind this statement is clear—regardless of whether the technical or asset pool level is connected, in the user’s mind, “JLP,” “Drift,” and “Solana DeFi” have long been bundled together.

For ordinary users, assets like JLP, which carry the labels "LP," "yield," and "aggregation," can easily be confused with LP positions and leveraged funds on Drift; when they see numbers like “JLP related position loss of 155.6 million dollars,” panic naturally spreads to all similarly named and narratively similar products. For this reason, Jupiter had to quickly draw clear boundaries: on one hand, reiterating that JLP assets are fully backed by underlying assets, attempting to stabilize the confidence of its own LPs and liquidity providers; on the other hand, helping the entire ecosystem craft a clearer narrative on asset separation—identifying which part belongs to Drift's risk exposure and which part falls under Jupiter's own risk domain.

This crisis is a form of inverse education: during a bull market and high-yield narratives, users often only remember "annualized how much" and "where aggregated," but rarely distinguish the actual asset isolation and risk boundaries among protocols. When the black swan descends, the ambiguous association between JLP and Drift can quickly transform into a panic contagion, compelling leading protocols to further strengthen transparency and understandability in product naming, asset explanations, and documentation education, clearly communicating to users: who’s risk are you actually buying into?

From single-point explosion to systemic pressure test: the security redesign of Solana DeFi

Although details about the specific attack techniques and permission chains are still lacking, the Drift incident has already allowed us to initially outline the systemic shortcomings in permission management, risk isolation, and emergency planning in Solana DeFi. On one hand, complex derivatives protocols often involve multiple layers of contract calls and permission controls, and if any segment becomes overly centralized or lacks multi-signature constraints, it can turn into a "single point of breakthrough" worth hundreds of millions in the eyes of attackers; on the other hand, insufficient risk isolation between asset pools can lead to losses that should be contained within a module being magnified into systemic shocks across products and user groups.

It is foreseeable that there will soon be a round of new security enhancements and transparency improvements at both the protocol and ecosystem levels. Protocols will find it hard to simply fulfill obligations with "one audit" or "historical security records," but will need to:

● Strengthen multi-stage, continuous auditing and monitoring mechanisms, focusing not only on the contracts themselves but also examining the permission architecture, upgrade processes, and external dependencies;
● Explore stricter permission decentralization and emergency switch designs, allowing for the rapid freezing of suspicious operations under extreme conditions to minimize the loss radius;
● Introduce or expand the coverage of insurance and risk reserve mechanisms, ensuring LPs and users have clearer compensation expectations during black swans, rather than relying entirely on “moral backing” after the fact.

In the short term, users' risk preferences will inevitably contract, with some funds potentially migrating from Solana to other public chains or centralized platforms considered “more established and stable,” and more funds will hedge and diversify across chains. For developers, this blow serves both as a setback and a sorting mechanism: some projects that only prioritize quick launches and quickly absorbing TVL may slow down or even withdraw, while teams that focus more on security engineering and auditing compliance may emerge as new "trust anchors" for the ecosystem under heightened standards.

After the bloody lesson: how users and protocols rebuild security consensus

The Drift incident's impact on Solana DeFi is not only reflected in the erased approximately 270 million dollars in assets, but more so in tearing apart the illusion that "high performance, public chain narrative and financial-level security can easily coexist." For funds and developers that have long bet on Solana, this is a structural reassessment of trust: in the past, vulnerabilities could be comforted with "early risks" and "growing pains," but now they are forced to confront whether the ecosystem truly possesses the institutional foundation to support large-scale derivatives and complex finance.

For ordinary users, this black night also provided a brutally necessary checklist—when weighing on-chain yields against security, it’s crucial to focus on signals such as: whether the protocol has a clear explanation of permissions and upgrade mechanisms, whether it publishes multiple, phased audit reports, whether it establishes transparent risk reserves or insurance pools, whether it discloses asset isolation and funding flows in an understandable manner, and whether it has explicit emergency plans and communication mechanisms in case of incidents. Answers to these questions are likely to determine whether a protocol is worthy of long-term trust, far more than just annualized yield levels.

In the larger context of multi-chain competition, with the strengthening of regulatory expectations and the rising frequency of security incidents, DeFi on Solana and other public chains will increasingly be drawn into a “competition of security engineering and risk governance.” Whoever can find a more robust balance between performance, cost, and security, who can design a permission architecture, auditing system, and insurance compensation that are verifiable and replicable industry benchmarks, will have a higher chance of becoming the preferred habitat for institutional funds and compliant capital in the next phase. The night of Drift is a price to pay, but also a turning point: for Solana, this could either be the starting point of trust falling or the beginning of reconstructing the security narrative, the key lies in how the ecosystem responds next, and whether users are willing to give it a chance to “graduate from the bloody lesson.”

Join our community to discuss and become stronger together!
Official Telegram community: https://t.me/aicoincn
AiCoin Chinese Twitter: https://x.com/AiCoinzh

OKX benefits group: https://aicoin.com/link/chat?cid=l61eM4owQ
Binance benefits group: https://aicoin.com/link/chat?cid=ynr7d1P6Z

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。