Drift Protocol hacker swaps 129,000 ETH for tokens and launders the stolen funds cross-chain


Drift Protocol hacker launders funds

On April 2, EmberCN, an on-chain monitoring organization, confirmed that all of the assets the hacker stole from Drift Protocol had been converted into about 129,000 ETH (about $278 million). The attack itself took place on April 1: in less than an hour, the hacker stole more than $270 million from the Drift Protocol liquidity pool.

Attack Scale: Single-Transaction Loss Breaks the 2026 DeFi Security Record

Drift Protocol’s loss stands out as unusually large among the DeFi security incidents of 2026. Since January of this year, 15 DeFi protocols have collectively lost more than $137 million, while Drift’s single-incident loss alone reached $285 million, about twice that total. It also far exceeded the previous largest single-loss record of $27.3 million, an increase of roughly tenfold.

The attack was completed in under an hour, which made immediate recovery almost impossible. By the time the vulnerability was detected and the treasury entered its protection procedures, most of the assets had already been moved through multiple layers of technical methods. In 2026, the overall DeFi recovery rate has been below 7% (only $9 million recovered out of $137 million), and industry analysts are highly pessimistic about recovering the funds in this incident.

Where the Funds Went: Cross-Chain Transfer Routes and Current Holding Addresses

Drift Protocol wallet (Source: Arkham)

According to EmberCN’s monitoring, the hacker transferred the stolen assets to Ethereum via a cross-chain bridge and then uniformly converted them into ETH to sever the trail of the original funds. After the conversion, the approximately 129,000 ETH is currently distributed across the following four Ethereum addresses:

· 0xAa843eD65C1f061F111B5289169731351c5e57C1

· 0x0FE3b6908318B1F630daa5B31B49a15fC5F6B674

· 0xbDdAE987FEe930910fCC5aa403D5688fB440561B

· 0xD3FEEd5DA83D8e8c449d6CB96ff1eb06ED1cF6C7

Splitting funds across multiple addresses is a standard post-processing step in large-scale DeFi thefts. The goal is to reduce the risk of all the funds being frozen at once and to make on-chain tracking technically harder. Analysts point out that the operating pattern in this case matches a mature money-laundering process rather than a simple misplacement of funds, meaning the chances of recovering the funds are extremely low.
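For teams that screen incoming deposits, the sketch below follows outflows from the four addresses listed above and assigns each downstream address a hop count. It is an added example, not code from EmberCN, Arkham or Drift Protocol; the hop limit, the dust threshold, the triage labels and the sample transfers are assumptions made for illustration.

```python
from collections import deque

# The four holding addresses listed on this page, lower-cased for matching.
WATCHLIST = frozenset(a.lower() for a in (
    "0xAa843eD65C1f061F111B5289169731351c5e57C1",
    "0x0FE3b6908318B1F630daa5B31B49a15fC5F6B674",
    "0xbDdAE987FEe930910fCC5aa403D5688fB440561B",
    "0xD3FEEd5DA83D8e8c449d6CB96ff1eb06ED1cF6C7",
))

def trace_exposure(transfers, max_hops=3, min_eth=1.0):
    """Breadth-first walk of outflows from the watchlist.
    transfers: iterable of (sender, recipient, eth). Returns {address: hops};
    watchlisted addresses are hop 0. max_hops and min_eth are assumed values."""
    graph = {}
    for src, dst, eth in transfers:
        graph.setdefault(src.lower(), []).append((dst.lower(), eth))
    hops = {addr: 0 for addr in WATCHLIST}
    queue = deque(WATCHLIST)
    while queue:
        cur = queue.popleft()
        if hops[cur] >= max_hops:
            continue  # do not follow funds past the hop limit
        for dst, eth in graph.get(cur, []):
            if eth >= min_eth and dst not in hops:  # skip dust, keep shortest path
                hops[dst] = hops[cur] + 1
                queue.append(dst)
    return hops

def screen_deposit(sender, exposure):
    """Triage decision for a deposit arriving from `sender`."""
    h = exposure.get(sender.lower())
    if h is None:
        return "clear"
    return "block" if h == 0 else f"review (hops={h})"

# Constructed sample data: placeholder addresses and amounts, not real transfers.
HOP1, HOP2, HOP3, HOP4, DUSTED = ("0x" + c * 20 for c in ("a1", "b2", "c3", "d4", "e5"))
SAMPLE_TRANSFERS = [
    ("0xAa843eD65C1f061F111B5289169731351c5e57C1", HOP1, 5000.0),
    (HOP1, HOP2, 4900.0),
    (HOP2, HOP3, 4800.0),
    (HOP3, HOP4, 4700.0),  # fourth hop: beyond the default max_hops=3
    ("0x0FE3b6908318B1F630daa5B31B49a15fC5F6B674", DUSTED, 0.001),  # dust, ignored
]

if __name__ == "__main__":
    exposure = trace_exposure(SAMPLE_TRANSFERS)
    print({a: screen_deposit(a, exposure) for a in (HOP2, HOP4, DUSTED)})
```

Hop counting is a coarse heuristic: once funds pass through a shared service wallet, every later recipient inherits the label, so results beyond the first hops are a queue for analyst review, not a verdict.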

Aftermath Impact: A Chain Reaction Triggered by a Liquidity Crisis

The direct loss caused by this attack was a severe depletion of liquidity. Large-scale capital outflows will drive Drift Protocol’s total value locked (TVL) to drop sharply. As the liquidity pool shrinks, trading slippage increases, capital efficiency declines, trading volume gets compressed, and fee revenue falls.

This kind of chain reaction can easily form a negative cycle: declining trading volume weakens liquidity incentives and prompts more market makers to withdraw, so liquidity deteriorates further. The top priority for Drift Protocol’s governance team right now is to formulate a path for capital restoration, present a plan for patching the vulnerabilities to the market, and stabilize existing users’ confidence in their holdings. From a more macro perspective, this incident will increase regulatory scrutiny of the entire DeFi industry and push developers to reexamine the security standards for smart contracts.

Frequently Asked Questions

Is it possible to recover the $285 million stolen from Drift Protocol?

According to on-chain analysis, the hacker has carried out multiple layers of fund transfers via cross-chain bridges and stored the ETH across four different addresses. This is a typical money-laundering route, and the technical difficulty of recovery is extremely high. In 2026, the overall DeFi recovery rate is below 7%, and the industry generally believes recovery hopes for this incident are slim.

Why did the hacker choose to convert the stolen assets into ETH?

ETH is the most liquid asset in the Ethereum ecosystem, making it convenient to cash out further via over-the-counter (OTC) trades or decentralized exchanges. Cross-chain transfers to Ethereum also increase tracking difficulty, helping to sever the direct link between the original attack addresses and the final funds. This is the standard post-processing path for large-scale DeFi theft cases.

What warning does this incident have for the security ecosystem of the DeFi industry?

The scale of Drift Protocol’s single-incident loss exceeds the combined losses of the first 15 DeFi incidents before 2026, highlighting the systemic risk of security vulnerabilities at the protocol layer. This incident may push the industry to accelerate upgrades to smart contract audit standards and implement stricter abnormal-behavior monitoring mechanisms for high-liquidity protocols.
