Carrot’s TVL Collapses 93% in a Month Following Drift Hack | Crypto Security News
Crypto security news: Carrot’s TVL Collapses 93% in a Month Following Drift Hack. This update explains what happened, why it matters for wallets, exchanges, traders, and users, and what the market should watch next.
Crypto Security Update
Solana-based decentralized finance yield protocol Carrot said Thursday that it is shutting down permanently, becoming one of the first DeFi protocols to fall due to contagion from the Drift Protocol exploit in early April. In an X post on Thursday, Carrot said the Drift exploit was “catastrophic” for the protocol and had left it financially unable to continue operating. The platform set a May 14 deadline for users to withdraw remaining funds. It said it will continue to help recovery efforts related to Drift and distribute assets once they become available.“We are setting May 14th as the deadline to withdraw any remaining funds from Boost, Turbo, and CRT before we will then begin to deleverage the system. Your deposited funds are still yours, but all leverage will be reduced to zero, freeing up all liquidity for CRT redemption,” the protocol’s team said.The Drift protocol exploit on April 1 was the second-largest in 2026. It was a highly coordinated attack that involved months of social engineering by a group of hackers who gained admin control and drained more than half the protocol’s total value locked. The contagion spread to several affiliated projects such as the yield protocol Gauntlet, the lending and borrowing platform PrimeFi and the crypto fund Elemental DeFi. Related: Insider trading backlash forces Polymarket to step up surveillanceCarrot was integrated with Drift’s infrastructure and used its pools to generate yield for its users. Its TVL collapsed after the Drift Protocol hack. According to data from DefiLlama, Carrot’s total value locked was around $28 million before the Drift hack, and is currently $1.99 million, marking a decrease of roughly 93%.Carrot’s sharp TVL drop after the Drift hack. Source: DefiLlamaDefiLlama data also shows nearly $630 million worth of digital assets were stolen in April across 25 incidents, making it the month with the largest losses since February 2025, when $1.47 billion was stolen.The $293 million hack on liquid staking protocol Kelp is the largest exploit of 2026 so far. The Drift hack is close behind at $285 million. Together, these two attacks account for more than 90% of all crypto stolen in April.Magazine: AI-driven hacks could kill DeFi — unless projects act nowCointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently.
Why This Security News Matters
First, this development may affect exchange safety, wallet security, user trust, and broader market sentiment. In addition, it may influence platform security practices, fund recovery efforts, and regulatory pressure. As a result, traders and crypto users should watch the next updates closely.
What To Watch Next
Watch for official statements, post-mortem reports, wallet warnings, exchange responses, and fund recovery updates. In particular, any new details about phishing, exploits, private key exposure, or security patches could directly affect the broader crypto market.
