Drift gets drained

Solana's largest protocol exploit

0xResearch: A Newsletter by Blockworks

GM all, and happy Thursday! Risk assets have been red throughout the past week amidst ongoing macro uncertainties across geopolitics and commodities, while gold offers some strength. 

Rubbing salt in the wounds of an increasingly painful bear market, Drift was drained for over $280M yesterday in what appears to be an advanced social-engineering operation, representing one of the largest-ever security compromises in the Solana ecosystem.

Market Update

Markets remain risk-off across the board, as futures traded lower overnight on the back of President Trump’s address to the nation on the “military operation” in Iran. In his remarks, Trump stated that the US is nearing completion of its military objectives in Iran but expects the conflict to continue for another two to three weeks — with the possibility of further escalation, including strikes on infrastructure, if no deal is reached. 

On the back of this, oil futures surged close to 7% in less than an hour, with VIX futures trading 5% higher, highlighting expectations of further stress. Oil and the VIX have been tightly correlated since the beginning of the conflict in March.

Gold is the only asset showing appreciable strength on the weekly timeframe, having recovered significantly off of its recent selloff low. Meanwhile, equities, BTC, and other major crypto indices continue to show weakness and abysmal breadth. 

With March closed out, ETFs broke their streak of four consecutive months of prevailing outflows. While positive inflows are a welcome sign, the $1.2B added in BTC products was only enough to keep the asset sideways. ETF activity remains anemic compared to last summer. 

Broadly, risk in crypto assets remains downstream of a volatile and unpredictable regime across geopolitics, commodities, interest rates, inflation, policy, and equity prices. The eventual resolution of these uncertainties should be a welcome sign to bring risk back on the table in crypto. 

Luke

Drift’s $280M vault exploit

Drift Protocol was exploited yesterday for ~$280M, ~50% of the protocol’s total TVL, in what is now one of the largest native Solana protocol exploits on record. 

The attack vector was not a smart-contract bug or a compromised seed phrase, but a sophisticated durable nonce operation combined with social engineering. An attacker obtained approval from 2/5 members of Drift’s Security Council multisig through what Drift describes as unauthorized or misrepresented transaction approvals, pre-signed weeks in advance using durable nonce accounts that enabled delayed execution. 

Yesterday, those pre-signed transactions fired within minutes of a legitimate test withdrawal, transferring admin control to the attacker. That access was used to initialize a spot market vault for CVT, a worthless token of the attacker’s own creation, set at an artificially inflated oracle price, and raise the USDC deposit limit from $25M to $500M. CVT was deposited as collateral and real assets were withdrawn via Drift’s cross-margin and swap functionality. 

The preparation stretched back to March 23rd, when four durable nonce accounts were created, two tied to multisig members, two to attacker-controlled addresses. A planned Security Council migration on March 27 briefly reshuffled the multisig, but the attacker moved quickly, creating a new durable nonce account for a member of the updated council by March 30, restoring effective 2/5 access. 
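As an added example (not from the newsletter or from Drift), here is a pre-signing check a multisig signer could run: it parses a legacy Solana transaction message and reports whether it is durable-nonce based, meaning the approval does not expire with a recent blockhash. The helper names and sample messages are constructed for illustration, and versioned (v0) messages are out of scope.

```python
import struct

SYSTEM_PROGRAM = bytes(32)             # base58 "111...1" decodes to 32 zero bytes
ADVANCE_NONCE = struct.pack("<I", 4)   # SystemInstruction::AdvanceNonceAccount tag

def _compact_u16(buf, pos):
    # Solana's variable-length count prefix; returns (value, next position).
    value = shift = 0
    while True:
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def parse_legacy_message(msg):
    # Legacy layout: 3-byte header, account keys, blockhash, instructions.
    if msg[0] & 0x80:
        raise ValueError("versioned message: not handled in this example")
    n, pos = _compact_u16(msg, 3)
    keys = [msg[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n)]
    pos += 32 * n + 32  # skip keys and the 32-byte recent-blockhash/nonce field
    count, pos = _compact_u16(msg, pos)
    instructions = []
    for _ in range(count):
        program, pos = keys[msg[pos]], pos + 1
        n_acc, pos = _compact_u16(msg, pos)
        accounts, pos = [keys[i] for i in msg[pos:pos + n_acc]], pos + n_acc
        n_data, pos = _compact_u16(msg, pos)
        instructions.append((program, accounts, msg[pos:pos + n_data]))
        pos += n_data
    return instructions

def durable_nonce_account(msg):
    # A transaction is nonce-based when its FIRST instruction is the System
    # Program's AdvanceNonceAccount; such a signature has no expiry window.
    for program, accounts, data in parse_legacy_message(msg)[:1]:
        if program == SYSTEM_PROGRAM and accounts and data[:4] == ADVANCE_NONCE:
            return accounts[0]  # the nonce account this approval is bound to
    return None

def _sample(data, accts):
    # Constructed message: keys = signer, account, sysvar stand-in, system program.
    keys = b"\x01" * 32 + b"\x02" * 32 + b"\x03" * 32 + SYSTEM_PROGRAM
    ix = bytes([3, len(accts), *accts, len(data)]) + data
    return bytes([1, 0, 2, 4]) + keys + b"\x09" * 32 + bytes([1]) + ix

NONCE_TX = _sample(ADVANCE_NONCE, [1, 2, 0])             # constructed nonce-based tx
PLAIN_TX = _sample(struct.pack("<IQ", 2, 1000), [0, 1])  # constructed plain Transfer
```

A signing policy built on this would refuse or escalate any request for which `durable_nonce_account` returns a key the signer does not recognise, since that signature stays valid until the nonce is advanced.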

The asset breakdown tells the story of how broadly the vault was drained: $155.6M in JLP, $60.4M in USDC, $11.3M in cbBTC, $4.7M in WETH, $4.5M in dSOL, $4.4M in WBTC, $4.1M in FARTCOIN, $3.6M in JitoSOL, $3.3M in SYRUPUSDC, $2.5M in INF, and a long tail of additional assets across stablecoins and liquid-staking tokens. The attacker wasted no time converting holdings into harder-to-freeze assets, ultimately holding ~$141M in SOL, $82M in ETH, and $18M in BTC across wallets. Funds were bridged off Solana via Wormhole to an Ethereum address that had itself been funded through Tornado Cash, suggesting this was not an opportunistic attack.

The onchain forensics point to a premeditated, coordinated operation. The primary drainer address was funded eight days ago via NEAR Intents but remained dormant until today. Launderer wallets were funded just yesterday via Backpack, notable because Backpack KYCs its users, which means investigators have an identifiable thread to pull. The attacker also briefly deposited CVT into Drift’s AI16Z perp market, and the timing (executed on April Fools’ Day) reads as deliberate. 

This is not a contained Drift problem; at least eight protocols with Drift exposure have been impacted. Reflect Money has frozen USDC+ mint and redemption. DeFi Carrot confirmed its CRT yield token was affected. Project Zero paused new borrows against Drift positions. Piggybank Finance had ~$106K of its $4M in funds deployed to Drift. Ranger Finance’s rUSD carries exposure. The contagion map illustrates a recurring structural problem in Solana DeFi: Yield-bearing protocols route capital into deeper liquidity venues like Drift to generate returns, and when the base layer fails, the blast radius extends well beyond the primary protocol’s own users.

The competitive implication for the Solana perps market is significant, and the picture is more nuanced than it first appears. Drift was the dominant Solana-native perp venue by TVL before today, but it was already running behind on volume. Pacifica posted $449M in 24-hour volume and Jupiter Perps $288M against Drift’s $66M. Hyperliquid, operating on its own L1 with a fundamentally different security model, is the other obvious beneficiary, though Drift’s collapse reinforces Hyperliquid's existing narrative advantage rather than creating it. 

The more uncomfortable question for the ecosystem is whether a private-key compromise of this scale, executed against one of Solana DeFi’s most established protocols, recalibrates institutional risk appetite for Solana-based DeFi exposure at a moment when that appetite was just beginning to rebuild.

Nick

Read & Listen

Coinbase Chief Legal Officer Paul Grewal stated live on Fox Business yesterday that a crypto market-structure deal is expected to be announced within 48 hours, with a Senate Banking Committee markup hearing anticipated within weeks. The remarks centered on the CLARITY Act, which would resolve the longstanding jurisdictional split between the SEC and CFTC over which tokens fall under each regulator’s purview.

The GENIUS Act, which established stablecoin rules, passed last year and is described as the necessary precursor. The CLARITY Act provides the broader market structure framework into which it fits. A floor vote and presidential signature are cited as the expected sequence to follow markup.

This episode discusses growing concerns around quantum computing, especially new research from Google, and how it could potentially threaten current cryptographic systems used by Bitcoin and other blockchains, prompting urgency around developing quantum-resistant solutions. 

The guests explain that while the threat is likely still several years away, it could impact a large portion of existing Bitcoin, and that Bitcoin developers must coordinate upgrades despite decentralized governance challenges. The conversation also explores broader crypto trends, including declining developer activity due to AI competition, the evolving role of stablecoins, and how value may accrue across issuers, applications, and blockchain infrastructure layers.

The paper introduces a framework to identify meaningful lead-lag relationships in prediction markets, addressing the problem that many statistically significant relationships are actually spurious. Empirically, the hybrid approach improves trading performance, increasing win rate (≈51.4% → 54.5%) and, more importantly, cutting average losses nearly in half, showing that LLMs help filter out fragile, high-risk signals rather than just boosting gains. 

Overall, the study finds that LLMs are most valuable as “semantic risk managers”: they don’t replace statistical models, but enhance them by selecting relationships that are economically plausible and more robust across changing market conditions.
