WASHINGTON— A roughly $285-million theft from decentralized finance platform Drift Protocol is putting fresh pressure on U.S.-regulated stablecoin issuers, after millions of dollars in stolen funds were traced through USDC and other tokens in what blockchain security firm CertiK said was the largest crypto security incident of 2026 so far, American Banker reported.
The breach gutted more than half of the assets deposited on Drift, a major Solana-based perpetual futures venue, and sent the platform’s native token down 37%, according to American Banker. Drift said it suspended deposits and withdrawals after disclosing an active attack, while outside analysts cited loss estimates ranging from about $136 million to roughly $285 million before later tracing pointed to losses above $280 million.
American Banker reported the attack involved a rapid takeover of Drift’s Security Council administrative powers. Drift later said the incident appeared to involve compromised multisig approvals, likely through targeted social engineering or transaction misrepresentation, underscoring that governance controls—not just code—can become critical points of failure in DeFi systems.
The stablecoin angle is drawing particular attention. American Banker, citing PeckShield, reported that about $71.4 million of the stolen assets were in USDC, issued by Circle, and said the incident raised questions about whether regulated crypto firms are able—or willing—to monitor and freeze illicit flows quickly enough when hackers move funds through centralized chokepoints.