Drift Suspends Services After Security Incident Drains Hundreds of Millions in Cryptocurrency

What happened

Drift Protocol suspended deposits and withdrawals on Wednesday after confirming it was under active attack and investigating unusual activity on the platform. The company said it was coordinating with multiple security firms, bridges, and exchanges to contain the incident. Security experts said the losses appeared severe, with estimates varying widely. PeckShield said more than $285 million may have been stolen, while other firms said at least $130 million in cryptocurrency was seen being siphoned from the platform. The company did not confirm a loss figure. Researchers also said the attacker was repeatedly converting the stolen funds into other coins as the incident unfolded. The exact method used in the theft remained under debate at the time of reporting.

Who is affected

The direct impact falls on Drift Protocol and its users, particularly those relying on deposits and withdrawals that were suspended during the incident. The platform, built on the Solana blockchain, offers borrowing, lending, perpetual trading, and spot trading services.

Why CISOs should care

This incident matters because it shows how quickly a security event in a digital asset platform can escalate into a large-scale loss event while forcing immediate suspension of core customer functions. It also highlights the pressure to coordinate across security firms, bridges, and exchanges in real time to contain fund movement once an attack is underway.

3 practical actions

  1. Prepare to halt core functions fast: Ensure leadership and operations teams can quickly suspend high-risk transactions or transfers when active exploitation is detected.
  2. Build external containment relationships in advance: Establish response paths with security firms, counterparties, and exchange partners before an incident requires urgent coordination.
  3. Track fund movement during live incidents: Treat rapid asset conversion and cross-platform movement as a central part of incident scoping when stolen digital assets are involved.
