Overview
- Carrot, a Solana DeFi yield app that routed deposits through Drift to earn yield, is closing and asking users to withdraw by May 14 before it cuts all leverage to zero to free liquidity for CRT redemptions.
- The team said the Drift hack crippled operations, and DefiLlama shows Carrot’s total value locked fell from about $28 million to $1.99 million.
- Drift estimates the April 1 breach cost about $280 million and says attackers spent months posing as a quantitative trading firm to build trust at conferences and online before delivering malicious tools.
- Drift reports it has medium-high confidence the same actors were behind the October 2024 Radiant Capital breach that stole about $58 million.
- The fallout has spread across connected projects, with Gauntlet, PrimeFi, and Elemental DeFi reporting disruptions, as April logged nearly $630 million in crypto exploits across 25 incidents led by Kelp and Drift.