Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.
Charles Guillemet, the CTO at Ledger, has shared his take on today’s hack of the Drift Protocol on the Solana chain. He has called this event the biggest hack in 2026 so far.
This morning the official X account of the Drift Protocol confirmed the exploit and the loss of approximately $213 million in crypto. Later, on-chain trackers on X began reporting that the hacker started converting the stolen stablecoins into Ethereum.
"The biggest hack of 2026 so far" and a wake-up call
By the scale of the hack, Guillemet compared the exploit of the Drift Protocol, one of the major perpetual dexes on the Solana chain, to the Wormhole Bridge exploit that happened in 2022.
While not all the details have been disclosed so far, he continues, what was compromised was the multisig which controlled the protocol. And it was done several days or perhaps even weeks before the hacker drained the funds from the platform
The private keys were either stolen by the hacker or, which the Ledger CTO believes to be more likely, the hacker compromised several machines ran by multisig signers and then “tricked the operators into approving a malicious transaction.” In this case, the signers thought they were approving a legal transaction while they were actually authorized the drain without even knowing it.
This method of hacking looks similar to the attack on the Bybit exchange in 2025 and it is widely used by DPRK-linked bad actors, Guillemet concluded. The pattern of this modus operandi is the following, per the CTO: “patient, sophisticated supply-chain-level compromise targeting the human and operational layer, not the smart contracts themselves.”
Charles Guillemet believes this is a big wake-up call for the whole crypto industry to implement better mechanisms to detect such vulnerabilities before they can be exploited. Also, he insists that secure key management and clear signing must be implemented.
Tether CEO's reaction to the hack
Paolo Ardoino sent kudos to the USDT0 team, praising their quick response to the Drift Protocol exploit. Once the drain happened, the team paused the legacy mesh infrastructure for the Solana chain within 90 minutes, fearing that the hacker might use it.
Legacy Mesh links native USDT across major blockchains, like Ethereum, Solana, and TON, and allows for seamless omnichain transactions of USDT without wrapped tokens.
Dan Burgin
U.Today Editorial Team
Vladislav Sopov
