#driftinvestigationlinksrecentattacktonorthkorean
driftinvestigationlinksrecentattacktonorthkorean
233 views
11 Discussing
Hot
Latest
THIS IS INSANE.🤯
North Korea stole $285 million in 12 minutes.
Drift is the biggest trading platform on Solana.
The code was fine. Two audits found nothing wrong. North Korea didn’t touch the code. They went after the people.
They made a fake token called CarbonVote. Put in a few thousand dollars to make it look real. Drift’s system thought it was worth hundreds of millions.
Then they got the people who held the keys to sign off on transactions weeks before the actual attack. Nobody knew what they were approving.
April 1: They pressed go. $285 million drained in 12 minutes. Every vault emptied.
Token dropped 40%. The platform lost half its TVL overnight.
Elliptic and TRM Labs both say it’s North Korea.
Same pattern as the $1.4 billion Bybit hack last year. Same tools. Same speed.
North Korea took $2 billion in crypto in 2025. That’s 60% of everything stolen in crypto worldwide.
The US says that money funds their weapons program. And they’re doing it again this year.
No bug. No exploit. They faked a token, fooled real people, and took $285 million.
They spent months building trust. Then 12 minutes destroying it.
That’s how it works now.
#DriftInvestigationLinksRecentAttackToNorthKorean
#Hackers #AnthropicBansOpenClawFromClaude #USNFPExceededExpectations #USJoblessClaimsNearTwo-YearLow
North Korea stole $285 million in 12 minutes.
Drift is the biggest trading platform on Solana.
The code was fine. Two audits found nothing wrong. North Korea didn’t touch the code. They went after the people.
They made a fake token called CarbonVote. Put in a few thousand dollars to make it look real. Drift’s system thought it was worth hundreds of millions.
Then they got the people who held the keys to sign off on transactions weeks before the actual attack. Nobody knew what they were approving.
April 1: They pressed go. $285 million drained in 12 minutes. Every vault emptied.
Token dropped 40%. The platform lost half its TVL overnight.
Elliptic and TRM Labs both say it’s North Korea.
Same pattern as the $1.4 billion Bybit hack last year. Same tools. Same speed.
North Korea took $2 billion in crypto in 2025. That’s 60% of everything stolen in crypto worldwide.
The US says that money funds their weapons program. And they’re doing it again this year.
No bug. No exploit. They faked a token, fooled real people, and took $285 million.
They spent months building trust. Then 12 minutes destroying it.
That’s how it works now.
#DriftInvestigationLinksRecentAttackToNorthKorean
#Hackers #AnthropicBansOpenClawFromClaude #USNFPExceededExpectations #USJoblessClaimsNearTwo-YearLow
🚨 Notification $币安人生
/ USDT — High Volatility Opportunity
📌 Trading Plan:
Entry Point: 0.080 – 0.083
🛑 Stop Loss: 0.074
🎯 Targets:
Target 1: 0.090
Target 2: 0.100
Target 3: 0.110
📊 Market Behavior:
- Strong rise followed by a sharp decline
- The rebound from support indicates a return of buyers
- High volatility → Potential for rapid movements
- If momentum is rebuilt, the rise can be very strong
#PolymarketMajorUpgrade
#TrumpDeadlineOnIran
#DriftInvestigationLinksRecentAttackToNorthKorean Hackers
/ USDT — High Volatility Opportunity
📌 Trading Plan:
Entry Point: 0.080 – 0.083
🛑 Stop Loss: 0.074
🎯 Targets:
Target 1: 0.090
Target 2: 0.100
Target 3: 0.110
📊 Market Behavior:
- Strong rise followed by a sharp decline
- The rebound from support indicates a return of buyers
- High volatility → Potential for rapid movements
- If momentum is rebuilt, the rise can be very strong
#PolymarketMajorUpgrade
#TrumpDeadlineOnIran
#DriftInvestigationLinksRecentAttackToNorthKorean Hackers
#DriftInvestigationLinksRecentAttackToNorthKorean Hackers
Drift Protocol hack linked to North Korean hackers 👇
The Headline:
🔴 ~$280–$286M stolen from Solana-based Drift Protocol on April 1, 2026 — one of the biggest DeFi hacks of the year.
What happened:
💥 Attackers drained hundreds of millions from multiple Drift vaults in under minutes without exploiting any classic smart contract bug — the protocol itself wasn’t “broken.”
North Korea Link:
👤 Forensic teams (Elliptic, TRM Labs, Drift investigators) say there are multiple indicators tying the operation to North Korean-linked state hacking actors — likely the DPRK group tracked as UNC4736 (also known in threat intel circles as AppleJeus / Citrine Sleet etc.).
How it unfolded:
🔍 Rather than a quick exploit, this looks like a long game social-engineering attack:
• Attackers spent months building trust with people inside Drift, posing as legitimate traders or partners.
• They used techniques such as fake tokens, pre-signed transactions, and oracle manipulation to bypass protections and get approvals before triggering the theft.
Why it matters:
⚠️ This isn’t just a normal hack — it suggests state-level cyber operations targeting DeFi, not random exploits.
Market impact:
📉 Solana ecosystem saw price pressure after the news, adding to market risk sentiment.
---
Drift Protocol hack linked to North Korean hackers 👇
The Headline:
🔴 ~$280–$286M stolen from Solana-based Drift Protocol on April 1, 2026 — one of the biggest DeFi hacks of the year.
What happened:
💥 Attackers drained hundreds of millions from multiple Drift vaults in under minutes without exploiting any classic smart contract bug — the protocol itself wasn’t “broken.”
North Korea Link:
👤 Forensic teams (Elliptic, TRM Labs, Drift investigators) say there are multiple indicators tying the operation to North Korean-linked state hacking actors — likely the DPRK group tracked as UNC4736 (also known in threat intel circles as AppleJeus / Citrine Sleet etc.).
How it unfolded:
🔍 Rather than a quick exploit, this looks like a long game social-engineering attack:
• Attackers spent months building trust with people inside Drift, posing as legitimate traders or partners.
• They used techniques such as fake tokens, pre-signed transactions, and oracle manipulation to bypass protections and get approvals before triggering the theft.
Why it matters:
⚠️ This isn’t just a normal hack — it suggests state-level cyber operations targeting DeFi, not random exploits.
Market impact:
📉 Solana ecosystem saw price pressure after the news, adding to market risk sentiment.
---
A $285 Million Heist in 10 Seconds. The Drift Protocol hack wasn’t just a "bug"—it was a 6-month special operation. 🇰🇵🛡️
The forensic data is in from TRM Labs and Elliptic, and it’s official: The exploit of Solana’s largest perp exchange, Drift, has been linked to North Korean state-sponsored hackers.
This was a "masterclass" in sophisticated destruction. If you have assets in DeFi, you need to understand how they did it, because your "security" might not be what you think:
🔹 The Long Game: This wasn't a quick exploit. The hackers spent 6 months building "professional" identities and social engineering the Drift team into pre-signing administrative transactions.
🔹 The Oracle Trap: They used a worthless token (CVT) and wash-traded it to trick oracles into seeing it as high-value collateral.
🔹 The Kill Switch: After compromising the admin "multisig" keys, they manually disabled the protocol’s "circuit breakers" and raised withdrawal limits to near-infinity.
🔹 Execution: They drained $285M in USDC, ETH, and JLP in under 10 seconds.
The Lesson for Us: As traders and entrepreneurs, we have to stop assuming that "Open Source" or "Audit" means "Safe." The weakest link is often the human layer. If a protocol has a "Security Council" or "Multisig" with human signers, those signers are targets.
This hack is the second-largest in Solana's history. It’s a wake-up call for the entire ecosystem to move toward immutable code and away from "admin keys" that can be social-engineered.
Does this make you rethink your "Long-Term" DeFi holdings? Are you moving your assets to cold storage, or do you still trust the "Security Councils" of major protocols? Let’s talk security in the comments. 👇
#DriftInvestigationLinksRecentAttackToNorthKorean #DriftProtocolExploited #Write2Earn #BinanceSquare #CryptoNewss $BTC
$DRIFT
$SOL
The forensic data is in from TRM Labs and Elliptic, and it’s official: The exploit of Solana’s largest perp exchange, Drift, has been linked to North Korean state-sponsored hackers.
This was a "masterclass" in sophisticated destruction. If you have assets in DeFi, you need to understand how they did it, because your "security" might not be what you think:
🔹 The Long Game: This wasn't a quick exploit. The hackers spent 6 months building "professional" identities and social engineering the Drift team into pre-signing administrative transactions.
🔹 The Oracle Trap: They used a worthless token (CVT) and wash-traded it to trick oracles into seeing it as high-value collateral.
🔹 The Kill Switch: After compromising the admin "multisig" keys, they manually disabled the protocol’s "circuit breakers" and raised withdrawal limits to near-infinity.
🔹 Execution: They drained $285M in USDC, ETH, and JLP in under 10 seconds.
The Lesson for Us: As traders and entrepreneurs, we have to stop assuming that "Open Source" or "Audit" means "Safe." The weakest link is often the human layer. If a protocol has a "Security Council" or "Multisig" with human signers, those signers are targets.
This hack is the second-largest in Solana's history. It’s a wake-up call for the entire ecosystem to move toward immutable code and away from "admin keys" that can be social-engineered.
Does this make you rethink your "Long-Term" DeFi holdings? Are you moving your assets to cold storage, or do you still trust the "Security Councils" of major protocols? Let’s talk security in the comments. 👇
#DriftInvestigationLinksRecentAttackToNorthKorean #DriftProtocolExploited #Write2Earn #BinanceSquare #CryptoNewss $BTC
$DRIFT
$SOL
$SOL
Just Hits 82.96 Today High ‼️
and I Opened Short On It!!
SL: 89
TP1: 82.0 - TP2: 81.5 - TP3: 81.0 - TP4: 80.5
#sol $SUI
$BULLA
#USJoblessClaimsNearTwo-YearLow #DriftInvestigationLinksRecentAttackToNorthKorean
Just Hits 82.96 Today High ‼️
and I Opened Short On It!!
SL: 89
TP1: 82.0 - TP2: 81.5 - TP3: 81.0 - TP4: 80.5
#sol $SUI
$BULLA
#USJoblessClaimsNearTwo-YearLow #DriftInvestigationLinksRecentAttackToNorthKorean
Login to explore more contents