Drift Protocol Hack: North Korean Hackers Linked to $285M Theft
The Event: On April 1, 2026, Drift Protocol (Solana’s largest perpetual exchange) was exploited for $285 million in under 10 seconds. New forensic data from TRM Labs and Elliptic officially attributes the attack to state-sponsored actors from North Korea.
The Method: * Oracle Manipulation: Attackers used wash trading to trick price oracles into valuing a worthless token (CVT) as high-value collateral.
* Social Engineering: They compromised administrative "multisig" keys to manually disable the protocol’s "circuit breaker" safety systems.
* Execution: After raising withdrawal limits to near-infinity, they used the fake collateral to "borrow" $285 million in USDC and ETH.
The Aftermath:
The funds were instantly dispersed across 57,000 wallets using automated bots. This attack highlights a shift in North Korean tactics: targeting governance and human layers rather than just exploiting bugs in the code. Recovery efforts are ongoing, but the complex laundering process makes asset retrieval unlikely.
#DriftInvestigationLinksRecentAttackToNorthKoreanHackers
#AnthropicBansOpenClawFromClaude