Solana-based decentralized finance yield protocol Carrot mentioned Thursday that it’s shutting down completely, changing into one of many first DeFi protocols to fall on account of contagion from the Drift Protocol exploit in early April.
In an X submit on Thursday, Carrot mentioned the Drift exploit was “catastrophic” for the protocol and had left it financially unable to proceed working. The platform set a Could 14 deadline for customers to withdraw remaining funds. It mentioned it can proceed to assist restoration efforts associated to Drift and distribute property as soon as they grow to be out there.
“We’re setting Could 14th because the deadline to withdraw any remaining funds from Enhance, Turbo, and CRT earlier than we’ll then start to deleverage the system. Your deposited funds are nonetheless yours, however all leverage shall be lowered to zero, releasing up all liquidity for CRT redemption,” the protocol’s group mentioned.
The Drift protocol exploit on April 1 was the second-largest in 2026. It was a extremely coordinated assault that concerned months of social engineering by a bunch of hackers who gained admin management and drained greater than half the protocol’s complete worth locked.
The contagion unfold to a number of affiliated tasks such because the yield protocol Gauntlet, the lending and borrowing platform PrimeFi and the crypto fund Elemental DeFi.
Associated: Insider buying and selling backlash forces Polymarket to step up surveillance
Carrot was built-in with Drift’s infrastructure and used its swimming pools to generate yield for its customers. Its TVL collapsed after the Drift Protocol hack.
Based on knowledge from DefiLlama, Carrot’s complete worth locked was round $28 million earlier than the Drift hack, and is at present $1.99 million, marking a lower of roughly 93%.
Carrot’s sharp TVL drop after the Drift hack. Supply: DefiLlama
DefiLlama knowledge additionally reveals practically $630 million price of digital property had been stolen in April throughout 25 incidents, making it the month with the most important losses since February 2025, when $1.47 billion was stolen.
The $293 million hack on liquid staking protocol Kelp is the most important exploit of 2026 thus far. The Drift hack is shut behind at $285 million. Collectively, these two assaults account for greater than 90% of all crypto stolen in April.
Journal: AI-driven hacks might kill DeFi — until tasks act now
