Drift Protocol, one of the largest decentralized exchanges on Solana, lost an estimated $285 million in an exploit that leveraged a little-known feature called durable nonces. According to unconfirmed reports, BitMEX co-founder Arthur Hayes has questioned whether native multisig on Solana could have prevented the breach.
Drift confirmed on April 1, 2026 that it was experiencing an active attack, had suspended all deposits and withdrawals, and was coordinating with security firms, bridges, and exchanges. By April 2, the protocol released a fuller account, stating that a malicious actor gained unauthorized access through a novel attack involving durable nonces and rapidly took over Drift's Security Council administrative powers.
On-chain estimates from PeckShield put the total exploit as high as $285 million, while Arkham-linked transfers to the attacker's address exceeded $250 million. DRIFT traded at roughly $0.043 following the incident, reflecting a 24-hour decline of about 39%, with market cap compressed to approximately $25 million and 24-hour volume surging to nearly $30 million.
What Arthur Hayes Actually Questioned About Solana Native Multisig
According to a single unverified report, Arthur Hayes raised the question of whether native multisig functionality on Solana could have stopped the Drift exploit. No fetchable primary source, such as a direct post, interview, or major media article, has corroborated the attribution. The claim frames Hayes's comment as a post-event analysis point rather than a confirmed technical verdict.
The question is relevant regardless of who raised it because of the specific attack vector. Solana's durable nonce feature allows a signed transaction to be submitted well after signing because the nonce does not expire like a standard recent blockhash. This creates a window where a pre-signed transaction could sit dormant until conditions favor execution, bypassing time-based security assumptions.
In theory, requiring multiple signers through a native multisig scheme would add an authorization layer that a single compromised key could not satisfy alone. Whether that would have been sufficient to block this particular exploit, which involved rapid takeover of administrative powers, remains an open design question rather than a settled conclusion.
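A pre-signing check for the durable-nonce behaviour described above, as an added example rather than code from Drift or this article. It assumes the message arrives in the Solana JSON-RPC `json` encoding and relies on a transaction being nonce-based only when its first instruction is the System Program's AdvanceNonceAccount; the placeholder account names and the approve/block policy are constructed for illustration.

```python
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
SYSTEM_PROGRAM = "11111111111111111111111111111111"
ADVANCE_NONCE_ACCOUNT = 4  # SystemInstruction variant index, a u32 little-endian

def b58decode(text):
    """Decode base58, the encoding JSON-RPC uses for instruction data."""
    num = 0
    for ch in text:
        num = num * 58 + B58.index(ch)
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    pad = len(text) - len(text.lstrip("1"))  # each leading '1' is a zero byte
    return b"\x00" * pad + body

def durable_nonce_info(message):
    """Return nonce account and authority for a durable-nonce message, else None.
    Only instruction 0 is checked: a later AdvanceNonceAccount does not count."""
    instructions = message.get("instructions") or []
    if not instructions:
        return None
    first, keys = instructions[0], message["accountKeys"]
    if keys[first["programIdIndex"]] != SYSTEM_PROGRAM:
        return None
    data = b58decode(first["data"])
    if len(data) < 4 or int.from_bytes(data[:4], "little") != ADVANCE_NONCE_ACCOUNT:
        return None
    accts = first["accounts"]  # [nonce account, RecentBlockhashes sysvar, authority]
    if len(accts) < 3:
        return None
    return {"nonce_account": keys[accts[0]], "nonce_authority": keys[accts[2]]}

def review_for_signing(message, approved_nonce_accounts=frozenset()):
    """Hypothetical signer policy: block durable nonces unless pre-approved."""
    info = durable_nonce_info(message)
    if info is None:
        return "ok: expires with its recent blockhash"
    if info["nonce_account"] in approved_nonce_accounts:
        return "warn: approved durable nonce, valid until the nonce is advanced"
    return "block: durable nonce from unapproved account " + info["nonce_account"]

# Constructed sample; the *_PLACEHOLDER keys are not real addresses.
SAMPLE = {
    "accountKeys": ["SIGNER_PLACEHOLDER", "NONCE_ACCOUNT_PLACEHOLDER",
                    "SysvarRecentB1ockHashes11111111111111111111", SYSTEM_PROGRAM],
    "recentBlockhash": "NONCE_VALUE_PLACEHOLDER",  # holds the stored nonce value
    "instructions": [{"programIdIndex": 3, "accounts": [1, 2, 0], "data": "6vx8P"}],
}

if __name__ == "__main__":
    print(review_for_signing(SAMPLE))
```

A signing service or hardware-wallet approval step can run this kind of check on every message a council member is asked to sign, so a transaction that stays valid indefinitely is never approved by accident.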
Why the Drift Hack Has Reopened Debate Around Solana Security Design
The breach stands out because the attacker did not exploit a smart contract logic bug. Instead, the compromise targeted Drift's Security Council, the governance layer responsible for administrative control over protocol parameters. By seizing those powers, the attacker could authorize withdrawals and changes that normal users and standard security monitoring would not flag in time.
This pattern echoes concerns raised around other major DeFi incidents. Ledger's CTO separately linked the Drift exploit to suspected North Korean actors, highlighting the sophistication of the attack and the broader state-level threat landscape facing DeFi protocols. The incident also arrived during a period of extreme market stress, with the crypto Fear & Greed Index sitting at 12, deep in "Extreme Fear" territory.
The industry response was immediate. DeFi Development Corp., a publicly listed Solana treasury company, issued a statement confirming it had no exposure to Drift Protocol and no impact from the exploit. That kind of preemptive distancing underscores how contagion fear spreads rapidly when a top-tier protocol is compromised.
What Traders, Protocol Teams, and Crypto Watchers May Focus on Next
For protocol teams across Solana, the Drift exploit is a case study in governance-layer risk. The durable nonce vector specifically challenges assumptions about transaction finality and signing workflows that many projects may share. Teams running similar Security Council or admin-key structures will face pressure to audit their own authorization flows.
Drift's pre-exploit total value locked stood at roughly $239.65 million, meaning the estimated loss exceeds the protocol's entire TVL, a ratio that complicates any recovery scenario. Traders watching DRIFT's 39% drawdown alongside $30 million in daily volume will be tracking whether the protocol can recover frozen funds or negotiate with the attacker.
Regulatory observers may also take notice. While no direct enforcement action has emerged, the scale of the exploit adds fuel to ongoing debates about whether DeFi protocols need formal security standards. The CFTC has separately signaled that existing financial systems are outdated and highlighted blockchain's potential, but incidents of this magnitude test the limits of self-regulation.
The broader macro backdrop compounds risk sentiment. Moody's recent Bitcoin haircut proposal already raised questions about forced-selling triggers across digital asset portfolios, and a $285 million exploit during a period of extreme fear only intensifies calls for stronger operational safeguards.
Whether the multisig question attributed to Hayes gains traction as a serious design proposal or fades as post-hack speculation, the Drift exploit has forced a concrete reckoning with how Solana protocols manage administrative authority. The next meaningful signal will be Drift's own post-mortem and any on-chain recovery efforts.