Golden Web3.0 Daily | Solana Ecosystem Drift Protocol Under Attack

DeFi Data

1. Total DeFi Token Market Cap: $48.86B

DeFi total market cap data source: coingecko

2. Trading Volume of Decentralized Exchanges in the Past 24 Hours: $60.27

Trading Volume of Decentralized Exchanges in the Past 24 Hours data source: coingecko

3. DeFi Assets Locked: $91.549B**

Top 10 DeFi project locked assets rankings and locked-in amounts data source: defillama

NFT Data

1. Total NFT Market Cap: $7.147B

Total NFT market cap and top 10 projects by market cap ranking data source: Coinmarketcap

2. 24-Hour NFT Trading Volume: $1.483B****美元

Total NFT market cap and top 10 projects by market cap ranking data source: Coinmarketcap

Headlines

Solana Ecosystem Drift Protocol Hit by Attack, Losses at Least $200M

On April 2, the Solana-based derivatives trading platform Drift Protocol experienced a security incident. On-chain data shows losses of at least about $200M, and some estimates are close to $270M.
The project team said it has discovered abnormal activity and is investigating, urging users to not deposit funds into the protocol for the time being, and emphasizing, “This is not an April Fools’ Day joke.”
The attack involved multiple liquidity pools, including JLP Delta Neutral, SOL Super Staking, and BTC Super Staking, among others. A single transfer of about 41.7 million JLP tokens was valued at roughly $155M; in addition, assets such as SOL, USDC, cbBTC, and wBTC were also withdrawn.
According to statistics, this incident may become one of the largest DeFi attacks in the Solana ecosystem after the Wormhole bridge exploit.

AI Hot Topics

1. Doubao Second-Gen AI Phone to Launch in Q2 2026

On April 2, according to a Sina blogger @数码闲聊站, the much-anticipated Doubao second-generation AI phone will launch in the second quarter of 2026.

2. DeepSeek V4 May Be Released in April

On April 2, according to those familiar with the matter, DeepSeek V4 may be released in April. However, the upcoming V4 is very likely still the open-source strongest model, though it is hard to be a crushing-level powerhouse. Because now, across different scenarios, the standards and user perceptions of “strong” have become increasingly diverse.

3.Vitalik Shares His Personal Local LLM Setup, Urges Building More Secure, Open-Source, Localized, Privacy-Focused AI Tools

On April 2, Vitalik Buterin published a post on his personal blog sharing his self-developed, local, private, and secure LLM personal configuration. The setup’s core components include an NVIDIA 5090 GPU laptop, the Qwen3.5:35B model, the llama.cpp inference tool, bubblewrap sandbox isolation, the NixOS operating system, and a custom agent plus a local knowledge base—reducing reliance on remote services.
Vitalik said that if used properly, artificial intelligence can actually create a future with stronger privacy and security guarantees. Locally generated code can replace the need to download large, complex external libraries, enabling more software to be extremely minimal and self-contained. Vitalik also called for more people to focus on building secure, open-source, localized, privacy-focused AI tools so users can use them with peace of mind, and to place control and power in users’ hands.

4. Ark Invest Adds OpenAI Stock to a Series of Funds

On April 1, Cathie Wood added OpenAI to the ARKK, ARKF, and ARKW funds. It is understood that each fund will hold roughly 3% of the shares, allowing retail investors to invest directly in one of the hottest global private companies. Ark Invest previously formally announced that it held OpenAI in 2024 through its ARK Venture Fund (a non-public VC fund), and it has increased its holdings multiple times (including $250M in October 2024).

DeFi Hot Topics

1. Polygon Launches Private Mempool to Avoid Transaction Exposure and Manipulation Risk

Polygon announced it is launching a Private Mempool (private memory pool). By using a private transaction submission endpoint, it provides users with protection from MEV (maximum extractable value). Currently, with public mempool mechanisms, pending transactions are visible to all observers, making them easy targets for bot frontrunning and sandwich attacks—leading to user slippage, transaction failures, or abnormal reverts. A Private Mempool routes transactions directly to block producers selected through validator elections, bypassing the public mempool and structurally avoiding the risk of transaction exposure and manipulation.

2. dYdX Community Approves Using a $10M USDC Insurance Fund to Fund a DAO

The dYdX Foundation announced that the #372 community on-chain vote has passed, approving the use of the Insurance Fund to provide funding support for the DAO.
The proposal is to transfer 10M USDC from the dYdX chain insurance fund to three different entities: 2.5M USDC transferred to the dYdX operations sub-DAO as operating funds, 5M USDC transferred to the dYdX treasury sub-DAO as a discretionary reserve, and 2.5M USDC transferred to the dYdX Foundation for ecosystem development and governance support. This insurance fund currently holds about 17M USDC, of which about 7M USDC is maintained as a protocol security buffer.

3. OpenEden Launches Tokenized High-Yield Corporate Bonds HYBOND

On April 2, OpenEden officially launched HYBOND, the first tokenized product linked to New York bank investment (BNY Investments)’ global short-term high-yield bond strategy, providing qualified investors with an investment channel for an enterprise-bond management-type portfolio.
The product further expands the tokenized real-world assets (RWA) market beyond the currently dominant cash equivalents and government-bond strategies.
HYBOND is issued by OpenEden Digital Limited, which is regulated in Bermuda, while BNY Investments manages the underlying bond portfolio, continuing the companies’ earlier cooperation on tokenized U.S. short-term Treasury products.

4.zERC20 Launches Frictionless Privacy

On April 2, the privacy-protecting project zERC20 launched a frictionless privacy (Frictionless Privacy) feature. With the new wallets connecting to zERC20, the initial gas fee will be waived. The new functionality includes receiving zAssets without gas fees, with transaction fees automatically deducted from the assets; a one-click option to swap part of zAssets into native ETH to pay transaction fees; and cutting on-chain footprints to enable fully anonymous cross-ecosystem transfers.

5**. Drift Protocol: No Evidence That Seed Phrases Were Stolen; Attack Is Highly Complex, Prepared Over Weeks**

On April 2, Drift Protocol posted that a malicious actor gained unauthorized access through a new type of attack involving a durable nonce, quickly taking over management permissions of Drift’s security committee. The attack is highly complex and took weeks to prepare, including the use of durable nonce account pre-signed transactions to delay execution.
Current investigation indicates that the cause of this incident is not a vulnerability in the Drift program or smart contracts; there is no evidence that the seed phrase was stolen; and the attacker obtained permissions through unauthorized or forged transaction approvals (which may involve social engineering). The final result led to the extraction of about $280M in protocol funds. All lending, treasury deposits, and transaction funds were affected. DSOL (not deposited in parts of Drift, including assets staked to Drift validators) and insurance fund assets were not affected; the latter is being extracted for protection. As a preventive measure, all remaining protocol functions have been frozen, and the multisig has been updated to remove the compromised wallet.

Disclaimer: Golden Finance serves as a blockchain information platform. The content of the articles published is for informational reference only and does not constitute actual investment advice. Please everyone establish the correct investment philosophy, and be sure to improve your risk awareness.