#DriftInvestigationLinksRecentAttackToNorthKoreanHackers

Drift Protocol hack linked to North Korean hackers 👇

The Headline:

🔴 ~$280–$286M stolen from Solana-based Drift Protocol on April 1, 2026 — one of the biggest DeFi hacks of the year.

What happened:

💥 Attackers drained hundreds of millions from multiple Drift vaults within minutes without exploiting any classic smart contract bug — the protocol itself wasn’t “broken.”

North Korea Link:

👤 Forensic teams (Elliptic, TRM Labs, Drift investigators) say there are multiple indicators tying the operation to North Korea-linked state hacking actors — likely the DPRK group tracked as UNC4736 (also known in threat intel circles as AppleJeus / Citrine Sleet etc.).

How it unfolded:

🔍 Rather than a quick exploit, this looks like a long-game social-engineering attack:

• Attackers spent months building trust with people inside Drift, posing as legitimate traders or partners.

• They used techniques such as fake tokens, pre-signed transactions, and oracle manipulation to bypass protections and get approvals before triggering the theft.

Why it matters:

⚠️ This isn’t just a normal hack — it suggests state-level cyber operations targeting DeFi, not random exploits.

Market impact:

📉 Solana ecosystem saw price pressure after the news, adding to market risk sentiment.

---