"The Drift hack, now the largest DeFi exploit of 2026 and the second-largest in Solana's history, struck at roughly 20:00 UTC on April 1. Attackers, suspected to have ties to North Korean state-sponsored groups, used a novel, durable nonce exploit to compromise Drift's administrative controls."
"Carrot held significant exposure through Drift-integrated vaults and liquidity positions. Estimates placed roughly 50% of Carrot's TVL at risk, with some analyses citing losses above $8 million."
"The protocol's CRT net asset value was adjusted to approximately $57.52 to $57.58 per token in mid-April updates, reflecting both realized and unrealized impacts."
Carrot, a Solana-based DeFi yield protocol, announced its shutdown on April 30, 2026, following significant losses from the Drift Protocol exploit. The exploit, which occurred on April 1, drained approximately $285 million and was linked to attackers with potential ties to North Korean groups. Carrot's exposure to Drift resulted in an estimated 50% of its total value locked being at risk. Users have until May 14, 2026, to withdraw funds before forced deleveraging begins, and recovery distributions will be made via IOU tokens based on a snapshot taken on April 1.
Read at news.bitcoin.com
Unable to calculate read time
Collection
[
|
...
]