Carrot, a Solana-based DeFi yield protocol, introduced its everlasting shutdown on April 30, 2026, after shedding roughly $8 million in whole worth locked, roughly half its TVL – to the fallout from the April 1 Drift Protocol exploit that drained an estimated $285 million from one among Solana’s largest perpetual futures platforms.
Carrot was circuitously hacked. It was taken down by a protocol it depended o, and that distinction is what makes this story greater than a routine exploit abstract.
Customers have till Could 14, 2026, to voluntarily withdraw funds from Carrot’s three core merchandise. After that deadline, the workforce will start force-deleveraging all remaining positions to 1x leverage, liberating liquidity for remaining CRT stablecoin redemptions.
Carrot’s official account on X confirmed the choice plainly: “Carrot is shutting down. That is actually not the result we wished, however the state of affairs with the Drift exploit has confirmed to be catastrophic for our continued operations.”
A snapshot of CRT token holdings was taken at 20:00 UTC on April 1, the precise second of the Drift exploit, to protect proportional claims for any future Drift restoration distributions paid by way of IOU token.
1/ Carrot is shutting down
That is actually not the result we wished, however the state of affairs with the Drift exploit, has confirmed to be catastrophic for our continued operations.
— Carrot (@DeFiCarrot) April 30, 2026
The element most headlines are lacking is that Carrot by no means had a vulnerability in its personal code. Its Enhance and Turbo merchandise routed consumer funds by way of Drift-integrated vaults, that means Drift’s safety was additionally Carrot’s safety, whether or not Carrot’s customers knew that or not.
DISCOVER: The Subsequent 1000x Crypto Gem Earlier than It Lists on Binance
How Did the Drift Protocol Exploit Truly Work?
The Drift exploit, which the Drift Protocol confirmed occurred at roughly 20:00 UTC on April 1, used what investigators have described as a novel sturdy nonce exploit, a method that manipulates how Solana handles pre-authorized transaction signing to compromise administrative controls.
Attackers, suspected to have ties to North Korean state-sponsored teams, spent roughly three weeks getting ready the assault earlier than executing it. Over 50% of Drift’s TVL was drained in minutes, triggering a right away suspension of deposits and withdrawals throughout the platform.
Carrot held vital publicity by way of Drift-integrated vaults and liquidity positions. Shortly after the exploit, the workforce paused all minting and redemption capabilities whereas assessing the harm.
By mid-April, Carrot’s CRT web asset worth had been adjusted to roughly $57.52 to $57.58 per token, reflecting each realized and unrealized losses. The Drift hack is now the most important DeFi exploit of 2026 and the second-largest in Solana’s historical past – a knowledge level that issues for anybody evaluating the well being of the broader Solana ecosystem proper now.
Carrot operated for greater than two years earlier than this shutdown, constructing what it described as a “yield working system” for Solana. No administration charges apply throughout the wind-down interval, and the workforce has confirmed that deposited funds stay the authorized property of customers all through the method.
EXPLORE: Greatest Crypto Presales to Watch
Why you possibly can belief 99Bitcoins
Established in 2013, 99Bitcoin’s workforce members have been crypto specialists since Bitcoin’s Early days.
90hr+
Weekly Analysis
100k+
Month-to-month readers
50+
Knowledgeable contributors
2000+
Crypto Tasks Reviewed
Observe 99Bitcoins in your Google Information Feed
Get the most recent updates, tendencies, and insights delivered straight to your fingertips. Subscribe now!
