Solana-based decentralized finance protocol Carrot has announced it is shutting down permanently, becoming the first major DeFi project to fall as a direct result of the $285 million Drift Protocol exploit in early April. The protocol said the hack was financially catastrophic and left it unable to continue operations.
Collapse of a yield protocol
In a post on X on Thursday, Carrot’s team stated that the Drift exploit was “catastrophic” for the protocol and that it could no longer sustain its business. Carrot had integrated deeply with Drift’s infrastructure, using its liquidity pools to generate yield for users. When Drift was compromised, Carrot lost access to the capital it depended on.
The protocol has set a May 14 deadline for users to withdraw any remaining funds from its Boost, Turbo, and CRT products. After that date, Carrot will begin deleveraging the system, reducing all leverage to zero and freeing up remaining liquidity for CRT redemption.
“Your deposited funds are still yours, but all employ will be reduced to zero, freeing up all liquidity for CRT redemption,” the team said. Carrot also pledged to continue assisting recovery efforts related to the Drift hack and to distribute any recovered assets to affected users.
TVL collapse and contagion
Data from DefiLlama shows that Carrot’s total value locked (TVL) has fallen by roughly 93% since the Drift exploit. Before the hack, Carrot held approximately $28 million in user deposits. That figure now stands at just $1.99 million.
The Drift hack, which occurred on April 1, was the second-largest exploit of 2026. Attackers spent months executing a highly coordinated social engineering campaign to gain admin control of the protocol, ultimately draining more than half of its TVL. The fallout has spread to several affiliated projects, including yield protocol Gauntlet, lending platform PrimeFi, and crypto fund Elemental DeFi.
Broader market impact
According to DefiLlama, nearly $630 million worth of digital assets were stolen across 25 separate incidents in April 2026, making it the largest month for crypto theft since February 2025, when $1.47 billion was lost. The $293 million hack of liquid staking protocol Kelp remains the largest exploit of the year so far, followed closely by the Drift incident. Together, these two attacks account for more than 90% of all crypto stolen in April.
Carrot’s shutdown highlights a growing concern in the DeFi ecosystem: the cascading risk of interconnected protocols. When a major platform like Drift is compromised, the damage does not remain isolated. Projects that depend on its liquidity or infrastructure can face immediate and irreversible financial harm.
Conclusion
Carrot’s permanent closure marks a tangible consequence of the Drift exploit and serves as a warning to the broader DeFi industry about the dangers of over-reliance on single infrastructure providers. As the recovery process continues, the incident underscores the urgent need for stronger risk management and diversification in decentralized finance.
FAQs
Q1: Why is Carrot shutting down?
Carrot is shutting down because the $285 million Drift Protocol exploit in early April 2026 drained the liquidity pools it depended on to generate yield for users. The protocol said the hack was financially catastrophic and left it unable to continue operations.
Q2: Can Carrot users still withdraw their funds?
Yes. Carrot has set a May 14, 2026 deadline for users to withdraw remaining funds from its Boost, Turbo, and CRT products. After that date, the protocol will begin deleveraging the system to free up remaining liquidity.
Q3: What other projects were affected by the Drift exploit?
Several affiliated projects have been impacted, including yield protocol Gauntlet, lending and borrowing platform PrimeFi, and crypto fund Elemental DeFi. Carrot is the first to announce a permanent shutdown.