Solana-based decentralized finance yield protocol Carrot mentioned Thursday that it’s shutting down completely, turning into one of many first DeFi protocols to fall attributable to contagion from the Drift Protocol exploit in early April.
In an X put up on Thursday, Carrot mentioned the Drift exploit was “catastrophic” for the protocol and had left it financially unable to proceed working. The platform set a Might 14 deadline for customers to withdraw remaining funds. It mentioned it is going to proceed to assist restoration efforts associated to Drift and distribute belongings as soon as they turn out to be out there.
“We’re setting Might 14th because the deadline to withdraw any remaining funds from Increase, Turbo, and CRT earlier than we’ll then start to deleverage the system. Your deposited funds are nonetheless yours, however all leverage will likely be diminished to zero, liberating up all liquidity for CRT redemption,” the protocol’s group mentioned.
The Drift protocol exploit on April 1 was the second-largest in 2026. It was a extremely coordinated assault that concerned months of social engineering by a bunch of hackers who gained admin management and drained greater than half the protocol’s whole worth locked.
The contagion unfold to a number of affiliated tasks such because the yield protocol Gauntlet, the lending and borrowing platform PrimeFi and the crypto fund Elemental DeFi.
Associated: Insider buying and selling backlash forces Polymarket to step up surveillance
Carrot was built-in with Drift’s infrastructure and used its swimming pools to generate yield for its customers. Its TVL collapsed after the Drift Protocol hack.
In accordance with information from DefiLlama, Carrot’s whole worth locked was round $28 million earlier than the Drift hack, and is at present $1.99 million, marking a lower of roughly 93%.
Carrot’s sharp TVL drop after the Drift hack. Supply: DefiLlama
DefiLlama information additionally reveals almost $630 million value of digital belongings have been stolen in April throughout 25 incidents, making it the month with the biggest losses since February 2025, when $1.47 billion was stolen.
The $293 million hack on liquid staking protocol Kelp is the biggest exploit of 2026 thus far. The Drift hack is shut behind at $285 million. Collectively, these two assaults account for greater than 90% of all crypto stolen in April.
Journal: AI-driven hacks might kill DeFi — until tasks act now