DeFi Protocol Carrot shuts down following fallout from Drift hack

Key points:

• Solana-based DeFi protocol Carrot has announced it will cease operations entirely after suffering severe fallout from the Drift Protocol hack, which wiped out nearly 93% of its liquidity.
• Users have until May 14 to withdraw funds from the platform’s Boost, Turbo, and CRT products. After that date, the team will begin unwinding leverage across the system and shutting down remaining services.

In a statement posted on X, the developers described the April 1 attack on Drift as “catastrophic” for the Carrot ecosystem. They emphasized that the financial damage was too severe for the project to continue operating.

Source: X.com

According to the team, user deposits remain safe, but all borrowing positions will be closed and liquidity will be redirected toward CRT repayments. The developers also said they will continue participating in recovery efforts related to the Drift incident.

Carrot was deeply integrated with Drift’s infrastructure and relied on its liquidity pools to generate yield. Following the attack, a significant portion of Drift’s liquidity disappeared, directly impacting Carrot. Data from DefiLlama shows the project’s total value locked (TVL) collapsed from around $28 million to $1.99 million — a decline of approximately 93%.

Drift: Months of Preparation and Social Engineering

Drift Protocol previously stated that the attackers had been preparing the exploit for several months. According to the project, the hackers built relationships with industry participants at crypto conferences and maintained contact through online channels, gradually earning their trust.

The team claims the attackers later distributed malicious tools and compromised the devices of employees and partners. Estimated losses from the exploit range between $280 million and $285 million.

Major Solana hack: Drift suspends operations

Here’s how the attack unfolded and where the funds were moved.

Читать дальше

Drift also believes the same group behind the October 2024 Radiant Capital hack may have been involved in this attack. In that incident, the project lost roughly $58 million after malware was spread through Telegram.

Carrot was not the only project affected. Other ecosystem participants, including Gauntlet, PrimeFi, and Elemental DeFi, also reported disruptions following the Drift hack.