DeFi Protocol Carrot Shuts Down After Drift Exploit Contagion
Solana yield protocol Carrot announced its permanent shutdown after suffering catastrophic losses from the $285M Drift Protocol exploit. TVL plunged 93% to $1.99M, with users given until May 14 to withdraw funds.
Quick Take
Carrot shutting down, TVL fell from $28M to $1.99M
Drift exploit was second-largest in 2026, $285M stolen
Contagion hit Carrot, Gauntlet, PrimeFi, and others
Users can withdraw remaining funds until May 14
Market Impact Analysis
BearishA DeFi protocol shutdown due to an exploit reinforces security fears and could dampen sentiment in the Solana ecosystem.
Speculation Analysis
Key Takeaways
- Carrot permanently shuts down after Drift exploit erased 93% of its total value locked.
- Users must withdraw remaining funds by May 14 before the protocol deleverages all positions.
- The $285M Drift hack sparked contagion, hitting Gauntlet, PrimeFi, and other DeFi protocols.
- April crypto thefts reached $630M across 25 incidents, the worst month since February 2025.
What Happened
On April 1, Drift Protocol suffered a $285M exploit, the second-largest hack of 2026. The attack devastated Carrot, a Solana-based yield protocol integrated with Drift's pools. Its TVL collapsed from $28M to $1.99M, a 93% drop. Carrot announced Thursday it cannot recover and will permanently shut down. The team set May 14 as the deadline for users to withdraw funds from Boost, Turbo, and CRT before it deleverages the system. All leverage will be reduced to zero, freeing liquidity for redemption. Carrot plans to assist in Drift recovery efforts and distribute any recovered assets.
The Numbers
Carrot's TVL fell from $28M to $1.99M after the Drift exploit, according to DefiLlama. The Drift hack drained $285M, second only to the $293M Kelp exploit in 2026. Together, these two attacks made up over 90% of April's thefts. April saw $630M stolen across 25 incidents, marking the worst month since February 2025, when $1.47B was lost.
Why It Happened
The Drift exploit was a coordinated social engineering attack that gave hackers admin control. They drained over half the protocol's TVL. Carrot used Drift's pools to generate yield for users, so the hack directly exposed it. The collapse in underlying assets and loss of trust made it impossible for Carrot to continue operations. Contagion also hit Gauntlet, PrimeFi, and Elemental DeFi.
Broader Impact
Carrot's shutdown highlights the systemic risk in DeFi's composability. One protocol's failure can trigger a cascade. For the Solana ecosystem, this incident may spur security audits and dampen investor confidence. With April setting a 2026 record for exploit losses, regulatory pressure could mount.
What to Watch Next
- Whether users can withdraw funds smoothly by May 14, or if technical issues arise.
- Progress on Drift recovery: any returned assets could benefit Carrot users.
- Potential for further shutdowns or security upgrades across Solana DeFi.
This article is for informational purposes only and does not constitute financial advice.
Always late to trends?
Join for the latest news, insights & more.
Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.
漏 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.
