On 18 July 2025, Drift Protocol processed more than $1 billion in perpetual futures volume in a single day — onchain, on a public blockchain, with no central clearing house. Nine months later, attackers drained $285 million from the same protocol without touching a single smart contract. Both facts are true, and together they frame what Solana perpetuals actually are in 2026.
This article is Part 3 of the Onchain Perps series. Part 2 covered the orderbook-versus-pool design trade-off; here we apply that framework to Solana's two dominant venues, Drift and Jupiter Perps, and to the risks that come with them.
Why Solana Is Structurally Suited to Perpetuals
Perpetual futures impose a demanding transaction workload: oracle prices need frequent updates, liquidations must land quickly when margin runs thin, and traders constantly adjust positions and collateral. On a chain where each of those interactions costs dollars, the economics break down for all but the largest positions.
On Solana, a liquidation transaction typically costs fractions of a cent at the base fee, plus a small priority fee during congestion. Solana's parallel execution scheduler lets liquidation bots and oracle updaters run in the same block as unrelated transactions, because they touch different accounts. The result is that the infrastructure cost of running a perpetuals protocol is low enough to support retail-sized positions.
That structural advantage has attracted multiple competing venues. But as Part 2 established, lower costs do not eliminate the design choices around liquidity — they just let you run them cheaply.
Drift Protocol: The Three-Layer Hybrid
Drift is the more architecturally complex of the two major venues. Every market order passes through three layers in sequence, and the design goal is to give traders strong execution while guaranteeing that every order fills.
Layer one: the JIT auction. When a market order arrives, Drift triggers a brief Dutch auction — the Just-in-Time (JIT) auction — and external market makers race to fill the order at or inside the oracle price. Winners improve on the baseline price; traders often receive better execution than the quoted mark. For large orders, the JIT is the main source of price improvement.
Layer two: the DLOB. Any volume not filled in the JIT routes to the Decentralised Limit Order Book (DLOB), where resting limit orders can match against the incoming flow.
Layer three: the virtual AMM. Whatever remains after the DLOB is filled by a virtual AMM backstop. The vAMM is not the primary liquidity source — it is the guarantee of last resort that no order goes unfilled.
Drift uses cross-margin accounts: all collateral inside a sub-account backs all open positions simultaneously. That maximises capital efficiency but means a single position liquidated at a loss can deplete the margin supporting unrelated trades.
The protocol runs an insurance fund, staked in USDC by external depositors who earn a share of trading fees in exchange for absorbing first-loss on liquidation shortfalls. (The insurance fund mechanics are examined in Part 4 of this series.) Drift Earn vaults let users deposit into curated strategies run by market makers. Governance uses the DRIFT token.
Before April 2026, Drift had accumulated roughly $148.5 billion in cumulative perpetual volume, with TVL peaking above $1.1 billion in mid-2025.
The April 2026 Exploit
On 1 April 2026, Drift Protocol lost $285 million — more than half of its total value locked — to a social-engineering attack on the humans who held admin keys. No contract vulnerability was exploited.
The mechanics: attackers posed as a quant firm seeking integration. They introduced a worthless fake token, manipulated its reported price, and over weeks cultivated trust with protocol signers. The final step used Solana's durable-nonce feature — pre-signed transactions that remain valid indefinitely — to transfer admin control at a moment of the attackers' choosing. The attack has been attributed to North Korea-linked actors by blockchain forensics firms.
Recovery is ongoing. On 16 April 2026, Tether announced it would lead a roughly $150 million support package, structured as a revenue-linked credit facility. The settlement asset on relaunch will switch from USDC to USDT, and independent audits are required before the targeted mid-2026 relaunch.
The Drift exploit is covered in detail here because it is the most significant event in Solana's perpetuals history and because its mechanism — privileged admin keys held by humans — is not unique to Drift. Any protocol with admin upgrade authority carries the same surface.
Jupiter Perps: The Pool-as-Counterparty Model
Jupiter Perps takes the opposite architectural approach. There is no orderbook, no JIT auction, and no virtual AMM. Instead, the Jupiter Liquidity Provider pool — the JLP — acts as the direct counterparty on every trade.
A trader opening a long effectively borrows asset exposure from the pool; a short borrows stablecoin exposure. All positions open and close at the Pyth oracle price with zero price impact. There is no spread and no slippage on the major assets supported.
The JLP basket holds roughly SOL, BTC, ETH, USDC, and USDT, with weights shifting as the pool rebalances around utilisation. Traders pay a 0.06% fee on open and close, plus an hourly borrow fee that rises with pool utilisation. JLP holders receive the large majority of those fees. Since August 2025, idle SOL in the pool also earns native staking yield, adding a second income source when perp activity is slow.
Jupiter Perps is embedded in Jupiter, Solana's dominant swap aggregator. The interface that handles the large majority of Solana spot swap volume is the same interface where perp trading happens — a distribution advantage that shapes the user base and explains a significant part of the volume.
As of May 2026, Jupiter Perps has accumulated roughly $480 billion in cumulative perpetual volume. When Drift went offline after the April 2026 hack, Jupiter Perps absorbed the large majority of displaced Solana perp flow, making it one of the largest pool-model venues in DeFi by volume.
The Rest of the Field
Solana supports several other venues. Adrena launched in 2024 and reached third place in Solana perp volume quickly, using Pyth price feeds and a pool-counterparty design similar to Jupiter Perps. Flash Trade held a meaningful share of Solana perp volume in mid-2024 before contracting sharply as Jupiter and Drift grew. Zeta Markets rebranded as Bullet, shifting toward high-speed traders with an onchain order book.
Liquidity, user trust, and front-end distribution keep volume concentrated at the top two venues. The infrastructure clearly supports multiple designs — the market just concentrates around the interfaces with the most liquidity.
Risks to Understand Before You Participate
JLP holders are the house, not just a fee collector. When traders net-profit across a period, that profit comes directly out of JLP value. Fees provide income in calm, range-bound markets. In a strong trend where traders on one side capture large gains, JLP holders absorb the loss. This is qualitatively different from impermanent loss in a spot liquidity pool — the risk is directional trader PnL, not just price divergence.
Oracle dependency cuts both ways. Both Drift and Jupiter Perps price positions against Pyth feeds. Pyth's pull-oracle model means price updates are transactions that compete for block space. Under congestion, a price update may land later than the market moves it reflects. A stale price can delay a liquidation that should have fired, pushing the resulting bad debt onto the insurance fund or directly onto the JLP pool. Understanding how oracle price feeds work is a prerequisite for understanding the failure modes of any perp venue.
Network disruptions halt liquidation keepers. Solana's last full consensus halt lasted about five hours on 6 February 2024, and between October 2024 and February 2025 the network experienced at least nine partial disruptions, some lasting hours. During a halt, liquidation bots cannot submit transactions. A position that crosses its liquidation price during downtime accrues bad debt until the network recovers — and that debt lands on whoever sits at the bottom of the protocol's loss waterfall.
Admin-key risk is a human problem. The April 2026 Drift exploit required no contract vulnerability. The attack surface was the small group of humans authorised to sign admin transactions. Solana's durable-nonce feature — designed for offline transaction signing — became the weapon. Any protocol with privileged upgrade or admin authority carries this surface. It is part of the broader category of composability and systemic risk that onchain systems inherit when they depend on trusted human operators alongside immutable code.
Where you sit in the loss waterfall matters. On Drift, liquidation shortfalls hit the insurance fund first; insurance stakers take first-loss before the protocol becomes insolvent. On Jupiter Perps, JLP holders absorb trader PnL directly — there is no insurance buffer between pool holders and a losing outcome.
Key Takeaways
- Solana's sub-cent fees and parallel execution make it structurally cheaper to run perpetual futures than on slower, more expensive chains — but cheap infrastructure does not eliminate design risk.
- Drift uses a three-layer stack (JIT auction → DLOB → virtual AMM) that prioritises price improvement and guaranteed fills; Jupiter Perps uses a pool counterparty that offers zero slippage at the cost of putting directional PnL risk on JLP holders.
- The April 2026 Drift exploit drained $285 million through social engineering and admin-key compromise, not a contract bug — a reminder that the human layer of any protocol is part of its attack surface.
- JLP holders earn fees but bear the downside when traders net-profit; that risk is correlated with market trends, not just volatility.
- Solana network disruptions can freeze liquidation keepers mid-trade; any position held through a halt accrues bad debt risk that the protocol, not the chain, must absorb.
