Drift Protocol Exploited for $285M via Malicious "CVT" Token Manipulation
This is an ongoing investigation into Drift’s $285M breach, the multisig failure, and the trail of the funds.
Key Points
- Total Loss: Over $285 million has been drained from Drift Protocol, making it one of the largest Solana-based exploits to date.
- The Exploit: Security firm OShield reports that two Drift multisig keys were compromised. The attacker used these keys to update the Drift state account and appoint themselves as the protocol admin.
- The Method:
  - The attacker initialized a spot market vault for a scam token called CVT.
  - They manipulated the oracle price of CVT to an artificially high value.
  - By depositing the worthless CVT, the attacker was able to use Drift’s cross-margin and swap features to withdraw $285M in legitimate assets (SOL, ETH, BTC, and JLP).
- Funds on the Move: Arkham data shows the exploiter has converted most assets and bridged them to Ethereum. The attacker currently holds approximately 130,000 ETH (valued at ~$277M).
- Ecosystem Impact: Jupiter Exchange confirmed that $JLP remains safe and fully backed despite the theft of large amounts of the token from Drift's vaults.
  - Other protocols have confirmed varying levels of exposure; the full list of impacted teams is still being compiled by SolanaFloor.
- Criticism of Circle: Onchain investigator ZachXBT criticized Circle for failing to intervene or freeze $USDC as millions were bridged from Solana to Ethereum via CCTP over several hours.
- Current Status: The Drift team has confirmed "unusual activity" and urged users not to deposit funds. The team is reportedly safe from physical danger and is currently performing program upgrades to regain admin control of the protocol.
This is an ongoing investigation, and SolanaFloor is closely monitoring all onchain activity.
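The sequence listed under "The Method" (admin change, new spot market, oracle spike, withdrawals of other assets) can be written as a monitoring rule. The sketch below is an added example, not code from SolanaFloor, OShield or Drift; the event schema, thresholds and account names are constructed assumptions and do not reflect Drift's real log format.

```python
WINDOW_SLOTS = 10_000  # assumed: how long after an admin change a new market is suspect
PRICE_JUMP = 10.0      # assumed: price ratio between updates that counts as a spike

# Constructed sample events (hypothetical schema).
EVENTS = [
    {"slot": 100, "type": "admin_changed", "new_admin": "ATTACKER"},
    {"slot": 120, "type": "spot_market_initialized", "market": "CVT"},
    {"slot": 130, "type": "oracle_update", "market": "CVT", "price": 0.001},
    {"slot": 140, "type": "oracle_update", "market": "CVT", "price": 50.0},
    {"slot": 150, "type": "deposit", "user": "ATTACKER", "market": "CVT", "amount": 1e7},
    {"slot": 160, "type": "withdraw", "user": "ATTACKER", "market": "SOL", "amount": 5e5},
    {"slot": 170, "type": "withdraw", "user": "alice", "market": "SOL", "amount": 10},
]

def detect(events):
    """Return alerts for the chain: admin change, new market, oracle spike, drain."""
    alerts, admin_slot = [], None
    suspect, last_price, tainted = set(), {}, set()
    for e in sorted(events, key=lambda ev: ev["slot"]):
        kind, slot = e["type"], e["slot"]
        if kind == "admin_changed":
            admin_slot = slot
            alerts.append(f"slot {slot}: protocol admin changed to {e['new_admin']}")
        elif kind == "spot_market_initialized":
            # A market listed shortly after an admin change is treated as suspect.
            if admin_slot is not None and slot - admin_slot <= WINDOW_SLOTS:
                suspect.add(e["market"])
                alerts.append(f"slot {slot}: market {e['market']} listed after admin change")
        elif kind == "oracle_update":
            prev = last_price.get(e["market"])
            if e["market"] in suspect and prev and e["price"] / prev >= PRICE_JUMP:
                alerts.append(f"slot {slot}: {e['market']} oracle price x{e['price'] / prev:.0f}")
            last_price[e["market"]] = e["price"]
        elif kind == "deposit" and e["market"] in suspect:
            # Accounts collateralised by a suspect market are tracked.
            tainted.add(e["user"])
        elif kind == "withdraw" and e["user"] in tainted and e["market"] not in suspect:
            alerts.append(f"slot {slot}: {e['user']} withdrew {e['amount']:g} {e['market']} "
                          "against suspect collateral")
    return alerts

if __name__ == "__main__":
    print("\n".join(detect(EVENTS)))
```

Any one of these alerts alone is noisy; the value of the rule is in correlating them, so a production version would page on the admin change immediately and escalate as later stages match.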
