Drift Protocol, a decentralized cryptocurrency exchange (DEX), detected “unusual” trading activity on the platform on Wednesday, warning users not to deposit funds until the issue has been resolved.

The Drift team did not disclose the specific cause of the ongoing incident or the damage in its initial announcement and is currently investigating the issue. 

In a subsequent update, the Drift team announced that deposits and withdrawals on the platform have been suspended. 

Blockchain cybersecurity threat researcher Vladimir S said the exploit was likely due to a crypto wallet private key leak, and the total funds lost in the incident could be as high as $200 million. 

“Admin signer was compromised, or whoever controls it intentionally executed these changes,” he said. 

The stolen assets include wrapped versions of Bitcoin (BTC), Jito (JTO), the Fartcoin (FRT) memecoin, other altcoins, and various dollar, euro, and Japanese yen stablecoins, which have since been transferred to multiple wallets, according to Vladimir S.

The exploiter started converting the stolen assets to the USDC (USDC) stablecoin, bridging the funds to the Ethereum network and purchasing Ether (ETH), according to Solana treasury company DeFi Development Corp.

Cointelegraph reached out to Drift Protocol but did not receive an immediate response by the time of publication. 

Cybersecurity exploits and hacks were responsible for $49 million in crypto losses during February, a sharp decrease from January, but a reflection of the ongoing security threats users and platforms face.

Drift token impacted by the exploit

The price of the Drift (DRIFT) token briefly reached $0.68 on Wednesday, but fell by about 18% following news of the exploit, according to data from CoinMarketCap.

About 83% of the native crypto tokens of hacked platforms never recover to pre-hack prices, according to blockchain security company Immunefi. 

“The stolen funds are only the first layer of damage,” Immunefi CEO Mitchell Amador told Cointelegraph in March.

“What follows is often more destructive: sustained token price suppression, reduced treasury capacity, leadership disruption, lost development time, and erosion of user trust,” he added.