Carrot Lend

Carrot Lend receives a C+ risk grade (42/100) from Hindenrank, where lower scores indicate lower risk. SHUTDOWN — Protocol ceased operations April 30, 2026 following cascading losses from Drift Protocol exploit. Voluntary withdrawal deadline (May 14, 2026) has passed; forced deleveraging underway. Await Drift recovery token IOU distribution for partial recovery. Carrot Lend was a Solana yield optimizer that automatically routed stablecoin deposits across top lending protocols (Drift, Kamino, MarginFi, Jupiter, Save) to capture the best available rates. The protocol shut down April 30, 2026 after cascading losses from the Drift Protocol exploit (April 1, 2026, $285M, DPRK-attributed per Mandiant) caused TVL to collapse from ~$28M to ~$79K (~$8M in direct losses). The voluntary withdrawal deadline (May 14, 2026) has passed; forced deleveraging of all Boost, Turbo, and CRT positions is underway. Drift published a recovery plan on May 5, 2026: recovery tokens issued at $1 per $1 of verified loss, redeemable from a $148M committed pool ($127.5M Tether, $20M partners) against $295M in total losses — Carrot users eligible via CRT snapshot at 20:00 UTC April 1, 2026. Carrot team confirmed distribution via IOU token; no timeline set as it depends on Drift recovery pool growth. Full recovery estimated at ~8 years at current Drift revenue projections.

The key risks identified for Carrot Lend are: (1) SHUTDOWN: Voluntary withdrawal deadline (May 14, 2026) has passed. Forced deleveraging is underway — protocol is winding down all remaining Boost, Turbo, and CRT positions. (2) Drift Protocol exploit (April 1, 2026) cascaded through Carrot's integrated lending positions, causing ~99% TVL loss (~$8M in direct losses) — the multi-protocol integration risk materialized. (3) Drift Protocol published a recovery plan (May 5, 2026): recovery tokens at $1/$1 of verified loss, redeemable from a $148M committed pool against $295M in losses. Carrot CRT snapshot holders (April 1, 20:00 UTC) are in the recovery queue via an IOU token — no distribution timeline set yet. Early redemption of Drift recovery tokens forfeits remaining balance.

Carrot Lend scores 42/100 across eight risk dimensions: Mechanism Novelty: 3/15, Interaction Severity: 5/20, Oracle Surface: 2/10, Documentation Gaps: 4/10, Track Record: 15/15, Scale Exposure: 0/10, Regulatory Risk: 4/10, Vitality Risk: 9/10. The highest risk area is Track Record at 15/15.

Among 119 rated Yield protocols on Hindenrank, Carrot Lend ranks #86 by safety (lowest risk score = safest). Its 42/100 risk score and C+ grade place it among the riskier Yield protocols.

Carrot Lend scores 15/15 on the Track Record risk dimension, indicating some history of security incidents or exploits. Higher scores reflect more severe or frequent incidents. Review the full risk report for details.