Carrot DeFi Protocol Shuts Down After Devastating $285M Drift Exploit
The decentralized finance world is reeling from another major blow as the Solana-based yield protocol Carrot announces its permanent closure. Following the massive $285 million Drift Protocol exploit that shook the market in early April, Carrot has officially become the first major casualty of the resulting contagion. In just a single month, the platform’s total value locked plummeted by a staggering 93 percent, dropping from a healthy $28 million down to a mere $1.99 million. This catastrophic loss of liquidity has left the Carrot team financially unable to keep the project alive.
The Ripple Effect of the Drift Protocol Exploit
Carrot’s sudden collapse highlights the deep interconnectedness of the decentralized finance ecosystem. The protocol relied heavily on Drift’s infrastructure, utilizing its liquidity pools to generate yield for its investors. When a group of hackers used months of coordinated social engineering to seize admin control of Drift on April 1, they drained more than half of its total assets. Because Carrot’s operations were directly tied to these compromised pools, the fallout was immediate and devastating. Unfortunately, the contagion hasn’t stopped there; the financial shockwaves have also spread to other affiliated projects like the yield protocol Gauntlet, the lending platform PrimeFi, and the Elemental DeFi crypto fund.
In a recent statement shared on X, the Carrot team described the situation as catastrophic and outlined the final steps for its community. Investors have been given a strict deadline of May 14 to withdraw any remaining assets from the platform’s Boost, Turbo, and CRT pools. Once this deadline passes, the protocol will begin a forced deleveraging process, reducing all system leverage to zero to free up the remaining liquidity for final CRT redemptions. The team assured users that their initial deposited funds still belong to them and promised to continue assisting with ongoing recovery efforts to retrieve assets from the Drift hack.
A Record-Breaking Month for Crypto Thefts
The downfall of Carrot is just one symptom of a much larger security crisis that plagued the crypto space in April. According to on-chain data from DefiLlama, malicious actors stole nearly $630 million worth of digital assets across 25 separate incidents throughout the month. This makes April the most devastating month for crypto security since February 2025, a period that saw a staggering $1.47 billion wiped out by hackers.
The vast majority of these recent financial losses can be traced back to just two catastrophic events. While the $285 million Drift exploit was incredibly damaging, it was slightly edged out by a $293 million attack on the liquid staking protocol Kelp, officially making the Kelp hack the largest crypto heist of 2026 so far. Together, the Kelp and Drift attacks account for more than 90 percent of all crypto stolen during the month of April. As protocols like Carrot are forced to close their doors for good, the broader DeFi community is left grappling with the harsh reality of vulnerabilities hidden within deeply interconnected financial platforms.
