Solana-based decentralized financial gains protocol Carrot said on Thursday it will be permanently shut down, becoming one of the first DeFi protocols to crash due to contagion caused by the Drift Protocol exploit in early April.
WX post on Thursday, Carrot said the Drift exploit was “catastrophic” for the protocol and left it financially unable to continue operating. The platform has set users a deadline of May 14 to withdraw the remaining funds. It said it will continue to assist with Drift-related recovery efforts and distribute assets as they become available.
“We are setting May 14 as the deadline to withdraw any remaining funds from Boost, Turbo and CRT before we begin reducing the system’s leverage. Your deposited funds still belong to you, but all leverage will be reduced to zero, freeing up all liquidity for CRT use,” said the team behind the protocol.
The April 1 exploit of the Drift protocol was the second largest of 2026. It was a highly coordinated attack that required months of social engineering by a group of hackers who took administrative control and depleted more than half of the protocol’s total locked value.
The contagion has spread to several related projects, such as the Gauntlet yield protocol, the PrimeFi lending and lending platform, and the Elemental DeFi crypto fund.
Related: The response to insider trading forces Polymarket to boost its surveillance
Carrot was integrated into Drift’s infrastructure and used its pools to generate profits for its users. Its TVL collapsed after the Drift protocol was hacked.
According to data from DefiLlama, Carrot’s total locked value before the Drift hack was approximately $28 million and is now $1.99 million, a decline of approximately 93%.
Carrot’s TVL drops sharply after the Drift hack. Source: DefiLlama
DefiLlama data also shows that almost $630 million worth of digital assets were stolen in April as a result of 25 incidents, making it the month with the highest losses since February 2025, when $1.47 billion was stolen.
The $293 million Liquid Staking Kelp hack is the biggest exploit of 2026 so far. Hack Drift is just shy of $285 million. Combined, these two attacks account for over 90% of all cryptocurrencies stolen in April.
Warehouse: AI-powered hacks could kill DeFi – unless projects start acting now
