Arthur Hayes questioned whether native multisig addresses on Solana could have prevented the Drift Protocol hack after the decentralized exchange suspended all deposits and withdrawals during what it called an active attack on April 1, 2026.
The incident, which saw more than $250 million in transfers routed to an attacker-linked address, has reignited debate over Solana’s security architecture and whether protocol-level wallet design or human operational failures bear more responsibility for major exploits.
Drift froze activity as attacker drained vaults
Drift Protocol announced on April 1, 2026 that it was experiencing an active attack and had immediately suspended deposits and withdrawals. The team said it was coordinating with security firms, bridges, and exchanges to contain the incident.
On-chain data traced by Decrypt, citing Arkham-linked analysis, showed that attacker-controlled activity began with transfers from the Drift Vault to an address beginning with HkGz4K. The first major movement involved roughly 41 million JLP tokens worth approximately $155 million at 11:06 a.m. ET.
ON-CHAIN DATA
- Transaction: 5brWcB…jSM8a
- Direction: Drift Vault → Attacker address (HkGz4K…)
- Chain: Solana
Subsequent transfers from Drift to the attacker address totaled more than $250 million during the incident, according to coverage citing Arkham-linked on-chain data. Media estimates of total losses ranged from more than $200 million to approximately $285 million, though no official audited figure had been released as of April 3, 2026.
Hayes posed the question Solana leaders pushed back on
On April 2, 2026, BitMEX co-founder Arthur Hayes turned the incident into a broader infrastructure debate. He wrote on X: “If Solana had native multi sig addresses, would the Drift hack even have been possible? Actually curious, not trolling.”
If Solana had native multi sig addresses, would the Drift hack even have been possible? Actually curious, not trolling.
— Arthur Hayes (@CryptoHayes) April 2, 2026
Source: @CryptoHayes on X
Hayes framed his comment as a genuine question, not a conclusion. No fetched postmortem or technical analysis proved that native multisig support would have stopped the exploit. The claim remains a counterfactual, not a verified finding.
Solana Foundation President Lily Liu pushed back directly. She framed the Drift incident as a human-targeted social engineering and operational security problem rather than a smart contract or chain-design failure. Her response aligned with a broader argument from Solana-aligned developers: the breach looked more like compromised admin access than a gap in the network’s cryptographic primitives.
The distinction matters. If the exploit stemmed from social engineering of key holders, adding native multisig at the protocol level might not have changed the outcome, since the attacker could have targeted multiple signers. If it stemmed from a single compromised private key controlling high-value vaults, the absence of enforced multi-party authorization becomes a more direct factor. Without a full postmortem, the debate remains open.
The exchange between Hayes and Solana ecosystem leaders echoes a recurring tension in crypto security. Similar questions arose after regulatory disputes over jurisdiction and oversight highlighted the gap between decentralized protocol design and centralized operational control. The Drift incident adds another case study to that pattern.
DRIFT token dropped sharply as containment efforts continued
Markets reacted swiftly. CoinGecko data gathered during the research period showed DRIFT trading at $0.0399, down 17.10% over 24 hours, with roughly $21.15 million in daily trading volume.
Social discussion around DRIFT rose sharply on platforms including Stocktwits and X. The conversation split between users questioning Solana’s security model and those defending the chain’s architecture while pointing to operational failures at the protocol level.
Drift said it was coordinating with security firms, bridges, exchanges, and law enforcement to trace and contain the stolen funds. The protocol had not yet published a full postmortem or confirmed a final loss figure as of April 3, 2026.
The incident adds pressure to Solana-based DeFi protocols at a time when the broader ecosystem is navigating questions about stablecoin regulatory frameworks and infrastructure concentration risks across crypto. Until Drift releases its root-cause analysis, both Hayes’s question and Liu’s counterargument remain untested by the evidence.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.