Solana-based Drift Protocol has suffered the largest exploit of 2026 to date, losing nearly $300 million in a “highly sophisticated operation” that has raised concerns about the growing threat of human-targeted attacks in the crypto space. Related Reading: Bitcoin ETFs Break Four-Month Negative Streak With $1.32B Inflows While ETH, XRP Funds Bleed Solana DEX Loses $285M On April Fool’s Day On Wednesday, Solana-based decentralized exchange (DEX) Drift Protocol was the victim of an exploit that stole hundreds of millions of dollars from its vaults. After online reports flagged unusual on-chain activity yesterday afternoon, Drift’s official channels confirmed the attack, quickly suspending deposits and withdrawals. According to reports, the attack lasted less than 20 minutes and stole around $285 million in multiple assets, including USDC, JPL, USDT, JUP, USDS, WBTC, and WETH, from nearly 20 vaults. This marks the largest crypto exploit of 2026 to date, and one of the largest hacks in the industry, just above WazirX’s $235 million hack. The hack wiped out half of the Solana-based project’s total value locked (TVL), which fell from roughly $550 million to $252 million, per DeFiLlama data. Drift protocol’s token, DRIFT, also plunged, retracing nearly 40% over the past 24 hours. Within hours, the exploiter had swapped $270.9 million into USDC, bridged them from Solana to Ethereum via the CCTP TokenMessengerMinterV2, and purchased 129,000 ETH, splitting them across multiple wallets. In a Thursday post, Drift shared the details of the incident, affirming that “a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers.” Solana’s durable nonces are an advanced mechanism that allows transactions to bypass the typical short expiration date of regular transactions. This enables users to pre-sign transactions for future execution, offline signing, or complex multisig workflows. “This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution,” the post continued. Malicious Actors Targeting Humans, Not Smart Contracts The Solana-based DEX emphasized that the exploit was not the result of a bug in Drift’s programs or smart contracts, noting that they found no evidence of compromised see phrases either. “The attack involved unauthorized or misrepresented transaction approvals obtained prior to execution, likely facilitated through durable nonce mechanisms and sophisticated social engineering,” the project underscored. Lily Liu, President of the Solana Foundation, addressed the incident, asserting that it is a blow to the whole Solana ecosystem. Liu pointed out that “Smart contracts held up. The real targets now are humans: social engineering and opsec weaknesses more than code exploits.” Related Reading: Analyst Forecasts More Pain For XRP In Q2 – How Much Lower Can It Go? Ledger CTO Charles Guillemet linked Drift’s attack method to Bybit’s $1.4 billion hack, which was attributed to North Korean hacking groups. As he explained, the attackers likely compromised several machines belonging to multisig signers through long-term infiltration and misled operators into approving the malicious transactions. This modus operandi is similar to the Bybit hack last year, widely attributed to DPRK-linked actors. The pattern is becoming familiar: patient, sophisticated supply-chain-level compromise targeting the human and operational layer, not the smart contracts themselves. Guillemet affirmed that the incident is “yet another wake-up call for the industry” to raise the bar on security. “Ultimately, security is not just about code audits. It’s about giving operators and users the right information at the right time, so they can make informed decisions about what they sign,” he concluded. Featured Image from Unsplash.com, Chart from TradingView.com
The team behind the DeFi protocol CrediX is suspected of an exit scam following a recent $4.5 million security breach. The team has reportedly “vanished” from the project’s official channels despite promising refunds, leaving customers empty-handed. Related Reading: Ethereum Breakout Is ‘Imminent’ Amid $3,850 Retest – Analyst Eyes $5,000 For This Quarter DeFi Protocol Suffers $4.5 Million Exploit On Friday, security firm CertiK reported that the DeFi lender CrediX’s team had disappeared following the platform’s recent exploit, leaving its website offline since the August 4 incident and suddenly deleting the official X account. For context, the Sonic-based DeFi lender suffered a security breach on Monday after a potential wallet compromise led to the theft of $4.5 million from the protocol’s liquidity pool. Blockchain security firm PeckShield explained that the alleged hack was due to a compromised admin account, which allowed the exploiter to abuse its BRIDGE role to mint unbacked acUSDC (Sonic USDC) tokens, borrow against them, and drain the pool, before bridging the assets from Sonic Network to Ethereum. Notably, SlowMist found that the CrediX multisig wallet added an attacker as an admin and bridge role via ACLManager six days before, which raised concerns among investors. The DeFi lender’s team acknowledged the incident on X, stating that they had disabled the website to prevent users from depositing. Later, the team informed its community that it had allegedly “reached successful parley with the exploiter, who agreed to return the funds within the next 24-48 hours.” According to the now-deleted post, posted on CrediX’s official Telegram account by a user, the attacker agreed to return the funds “in return for money fully paid by the credix treasury.” The team affirmed that they would airdrop the funds to the affected users’ addresses in “the respective timeframe.” CrediX Goes Dark The following day, the team addressed the exploit on Telegram, stating, “We are truly sorry for this devastating incident and the impact it may have on our community,” and affirmed that they would keep users updated on the next steps before disappearing and deactivating the official X account. On Thursday, the Sonic-based Stability DAO confirmed on its Discord server that CrediX had “gone dark and disappeared,” directly affecting the protocol’s users. The exploit affected Stability DAO’s Metavaults as the project had recently integrated with CrediX. In the message, the protocol announced that all the affected teams, including Sonic Labs, Euler, Beets, and Rines Protocol (Trevee), were in communication and actively working on “filing a formal legal report with the authorities in hopes of recovering lost funds.” Additionally, they have obtained information on two of the DeFi lender’s members, which would be added to the report alongside the rest of the evidence. “A full incident report will be shared with the community soon, outlining everything that happened and what steps are being taken,” the message vowed. Related Reading: Cardano (ADA) Targets $0.80 As Price Retests Key Level – Is An 85% Jump Ahead? This incident follows the alarming trend that has been developing this year. As reported by NewsBTC, crypto theft has surged this year, reaching a total loss of $2.7 billion in the first half of 2025. By the end of June, more value had been stolen year-to-date (YTD) than during the same period in 2022, suggesting that theft from crypto services and DeFi projects could potentially hit $4.3 billion by year’s end. Featured Image from Unsplash.com, Chart from TradingView.com
In a positive development for the crypto community, the individual responsible for the GMX exploit accepted the platform’s bounty and returned over $40 million worth of assets stolen from the project. Related Reading: Drop NFTs Like It’s Hot: Snoop Dogg’s Telegram Collection Raises $12M In 30 Minutes Crypto Hacker Takes $42 Million From GMX On Friday, the recent GMX V1 exploit ended on a happy note after the individual responsible for the incident turned into a white-hat hacker. Perpetual and spot crypto exchange GMX lost over $40 million on Wednesday when an attacker exploited a vulnerability in the protocol’s first version on Arbitrum. According to online reports, GMX V1’s vault contract had a vulnerability that allowed the attacker to manipulate the GLP token price through the system’s calculations. Blockchain security firm SlowMist explained that “The root cause of this attack stems from GMX v1’s design flaw, where short position operations immediately update the global short average prices (globalShortAveragePrices), which directly impacts the calculation of Assets Under Management (AUM), thereby allowing manipulation of GLP token pricing.” Through a reentrancy attack, they successfully established massive short positions to manipulate the global average prices, artificially inflating GLP prices within a single transaction and profiting through redemption operations. As a result, approximately $42 million worth of assets, including Legacy Frax Dollar (FRAX), wrapped bitcoin (WBTC), wrapped ETH (WETH), and other tokens, were transferred from the GLP pool to an unknown wallet. The perpetual crypto exchange halted GMX V1’s trading and GLP’s minting and redeeming on both Arbitrum and Avalanche to prevent another attack and protect users’ funds. However, they clarified that the exploit was limited to GMX’s V1 and its GLP pool. GMX V2, its markets, or liquidity pools, and the GMX token were not affected and remained safe. White-Hat Claims $5 Million Bounty Following the incident, GMX sent a message on-chain and on X offering a $5 million white-hat bounty to the attacker, claiming that their abilities were “evident to anyone looking into the exploit transactions.” GMX’s team noted that returning the funds within the next 48 hours and accepting the bounty would allow the hacker to “spend the funds freely,” instead of taking additional risks to access them. They also vowed not to pursue any legal action and to assist the exploiter in providing proof of source for the funds if it is ever required. Today, the exploiter responded in an on-chain message, accepting the bounty and starting the return process. As Lookonchain reported, they initially returned $10.49 million worth of FRAX on Friday morning. Meanwhile, another $32 million worth of assets had been swapped into 11,700 ETH, which are now valued at $35 million after the King of Altcoins’ price jumped to the $2,990 mark. In the following hours, the hacker returned 10,000 ETH, worth $30 million, keeping only 1,700 ETH, valued at $5.2 million, as the bounty. Related Reading: Solana Ready For $160 Reclaim? Analysts Say Breakout Is A Matter Of Time GMX later confirmed that the funds have now been safely returned and thanked the white-hat hacker for their actions, ultimately giving a positive turn to the incident. Lastly, they informed users that “contributors are working on a proposed distribution plan for presentation to the GMX DAO and will share more information shortly.” Featured Image from Unsplash.com, Chart from TradingView.com
Crypto exchange Phemex appears to have been the victim of a multi-million exploit on Thursday, according to online reports. Millions worth of USDT, USDC, Ethereum (ETH), and other crypto assets were stolen from the exchange’s hot wallets, resulting in a temporary half of withdrawals. Related Reading: Solana (SOL) To $300 This Month? ‘All Bets Are Off’ Once It Reclaims This Level Phemex Suffers First Crypto Exchange Hack Of 2025 On Thursday morning, the first crypto exchange hack of the year hit the industry. Multiple reports revealed suspicious activity involving Phemex’s hot wallets was taking place over several chains. Blockchain security firm Cyvvers shared on X it had detected multiple transactions to several suspicious wallets on different chains, “including BNB, ETH, OP, POL, BASE, and ARB.” The security firm’s initial report stated that over $29 million worth of crypto had been transferred to the suspicious addresses, later raising the sum. “Upon deeper analysis, it has come to light that both BTC and TRON blockchains have also been impacted, with the estimated total loss now reaching approximately $37 million,” the update read. Cyvvers seemingly identified around 125 suspicious transactions spread across the different blockchains and noted that the attackers had started swapping the tokens to Ethereum (ETH) to avoid potential freezing measures. Meanwhile, on-chain data analysis firm Lookonchain broke down the crypto heist, stating that the hack had taken around $31 million worth of crypto assets. According to the analysis, 3.48 million USDC, 3.42 million USDT, and 841 ETH, worth $2.7 million were drained from the exchange’s hot wallet. Additionally, the attackers took 110,701 LINK, 142 billion PEPE, 1.19 million FET, and 29,509 AVAX, valued at around $7.3 million combined. Lookonchain also listed ONDO, TRX, CRV, JASMY, AAVE, SHIB, GRT, and BRETT, as part of the stolen crypto assets. Compensation Plan In The Works After the news, Phemex CEO Federico Variola confirmed the attack on one of the crypto exchange’s hot wallets. Variola assured users that Phemex’s cold wallets remained safe and that they were investigating the reports. The exchange then announced on X the temporary halt of withdrawals due to the emergency inspection and strengthening of the security measures but did not offer further details about the incident. To ensure security, withdrawals have been temporarily suspended while we conduct an emergency inspection and strengthen wallet services. We sincerely apologize for the inconvenience. Withdrawals will be restored soon. Phemex and the development team apologize for the disruption. Our mission to provide a seamless and trusted trading environment remains firm. Nonetheless, the post stated that ongoing business operations were fine and that trading services continued as usual. Phemex’s team also revealed they are working on a compensation plan, which will be announced soon. It’s worth noting that, in 2024, the number of hacks and total value lost increased from the year prior. According to Chainalysis data, 2024 was the fourth consecutive year in which the funds stolen from crypto hacks exceeded the billion-dollar mark. Related Reading: Number Of New Trump-Themed Malicious Tokens Spike 206% After Official Memecoin Launch Additionally, the total value stolen surged to $2.2 billion last year, and it became the year with the most individual hacks, reaching 303 incidents by December. Centralized exchanges (CEXs) were the most targeted platforms in Q2 and Q3, recording some of the largest incidents in the industry’s history, while Decentralized finance (DeFi) platforms accounted for the largest share of stolen assets in Q1, like most quarters between 2021 and 2023. Featured Image from Unsplash.com, Chart from TradingView.com
Web3 and blockchain gaming firm Gala Games partnered with Animoca Brands to boost its native token. The companies joined forces to develop the altcoin and enhance users’ experience. Nonetheless, GALA has faced a 6.7% price decline following the news. Related Reading: FET Drops 9% As ASI Token Merger Phase 1 Kicks Off Gala Games To Boost User Experience On Wednesday, Gala Games announced its partnership with Hong Kong-based game software and Venture Capital company. The collaboration aims to enhance the token experience for users. The Web3 and blockchain gaming platform focuses on video games compatible with blockchain technology. Additionally, it allows players to earn crypto tokens and non-fungible tokens (NFTs) through gameplay. Per the announcement, the companies will work together to develop the token. Animoca Brands will receive GALA tokens from the firm’s treasury to “provide liquidity provisioning services” to the Web3 gaming platform. This move aims to facilitate the token’s orderly trading. As highlighted in the X post, Animoca Brands operates nine Gala Founder’s Nodes and plans to serve as a GalaChain Validator. Many users and crypto investors received the news well. Some users considered the news was bullish for the token. Others stated that the company is finally “making some noise.” The announcement also sparked interest in the gaming and NFT community. LordBenalez, COO of community-driven NFT project Mittaria, expressed interest in the collaboration. “About time. Glad to see the two big companies joining hands. Looking forward to hearing more about the collaboration,” read the reply. GALA’s Price Sees 7% Retrace Despite the overall positive reaction, GALA’s price plunged after the news. The token fell from the $0.0275 price range to the $0.0255 mark, a 7.2% price drop. The recent price action represents a 6.7% retrace in the last 24 hours. The token’s performance also shows red numbers in the longer timeframes. GALA’s price has been downtrend since its March high of $0.081. Following the retrace at the beginning of Q2, the token hovered between the $0.04 and $0.5 range. However, the sideways movement was halted by the late May security breach to which the company fell victim. As reported by NewsBTC, the web3 gaming company suffered an exploit, which resulted in the minting of 5 billion tokens worth $219 million. The incident saw the unauthorized sale of 600 million GALA tokens, worth around $21 million. Additionally, 4.4 billion tokens were burned. This resulted in the price falling from $0.046 to $0.037, a 20% decline following the exploit. Related Reading: Baked Or Burned? Trader Makes 307x From Solana Token But Investors Raise The Alarm Since then, the token has continued the downtrend, registering a 43.5% decrease in the past month. Some market watchers suggest that the token might be getting ready to bounce off the lower trendline and break out of the $0.035 resistance zone before soaring to the $0.1 price target. Featured Image from Unsplash.com, Chart from TradingView.com