Carrot, a decentralised finance yield protocol based on the Solana blockchain, has announced its permanent closure, becoming one of the first casualties from the recent exploit of the Drift Protocol. In a statement on X, Carrot described the consequences of the incident as devastating, leading to severe financial losses that prevented the continuation of its operations. The platform has set May 14 as the final date for users to withdraw their remaining funds and plans to assist in the asset recovery process linked to the Drift incident.
Initially integrated with Drift’s infrastructure, Carrot leveraged its pools to generate yield for users. However, following the Drift Protocol hack, Carrot’s Total Value Locked (TVL) plummeted significantly. Data from DeFiLlama indicated that Carrot’s TVL was approximately $28 million (about Rs. 266 crore) before the exploit but has now dropped to an alarming $1.99 million (approximately Rs. 18.9 crore), reflecting a decrease of around 93 percent.
Effects of the Drift Protocol Hack
The ramifications of the Drift Protocol exploit have extended beyond Carrot, affecting multiple affiliated projects such as the yield protocol Gauntlet, the lending and borrowing platform PrimeFi, and the crypto fund Elemental DeFi. The far-reaching impact of this exploit has raised concerns across the DeFi landscape.
In an earlier communication, the Carrot team expressed regret over the situation but reassured users that their deposited funds remain intact. The message stated, “Your deposited funds are still yours, but all leverage will be reduced to zero, freeing up all liquidity for CRT redemption […] Any recovery effort by Drift will still be distributed as stated previously.” Additionally, the team conveyed the difficulties faced in reaching the decision to shut down, emphasizing the commitment and resources invested into the platform.
Details of the Drift Exploit
Last month, the Drift Protocol suffered one of the most significant scams of the year, amounting to approximately $280 million (around Rs. 2,600 crore). In a statement on X, Drift Protocol characterized the incident as not a typical hack, but rather a sophisticated, months-long social engineering scheme. Perpetrators masqueraded as a legitimate trading firm and interacted with Drift Protocol executives at various crypto events. They even made a substantial investment of one million dollars into the platform, which helped them gain trust over time.
Eventually, the scammers managed to compromise the Drift team’s interactions with malicious code and applications, likely leading to a breach of critical systems. Investigations have linked the operation to a group identified as UNC4736, reportedly associated with North Korea (DPRK).
Wider Impact and Community Response
In addition to Carrot, another DeFi protocol named Kelp has also been reported as a casualty in the growing trend of scams this year. In response to increasing security concerns, several DeFi projects have joined forces to form an alliance aimed at restoring the support for Restaked Ether (rsETH). This collective effort has been termed “DeFi United,” with prominent protocols such as Mantle, EtherFi Foundation, Golem Foundation, Lido DAO, Ethena, LayerZero, Ink Foundation, and Tyrdo participating in the initiative.
As the cryptocurrency market remains unregulated, investors are cautioned about potential risks associated with digital currencies, which are not recognized as legal tender. The information in this article does not constitute financial or trading advice and is not intended as a recommendation by NDTV.
