Drift Protocol was hacked for over 286 million USD
The decentralized derivatives platform Drift Protocol has become the center of attention after suffering a severe attack, with estimated damages of 286 million USD according to analysis from Elliptic.
This is considered the largest DeFi hack of 2026, and the second major incident in the Solana ecosystem, only after the previous Wormhole incident.
Immediately after the incident, the total value locked (TVL) of the platform dropped sharply from about 550 million USD to below 250 million USD, reflecting the severity of the damages.
Suspicion related to North Korean hackers
Elliptic stated that the on-chain signs, money laundering methods, and network behaviors share many similarities with previous campaigns related to North Korea.
If confirmed, this will be the 18th attack in 2026 related to this group.
Since the beginning of the year, hacker groups related to North Korea have stolen over 300 million USD, and the total damage over the years is estimated to exceed 6.5 billion USD.
This indicates an increasingly organized and large scale of attack campaigns on the crypto market.
Admin key vulnerability and attack scenarios have been prepared.
According to PeckShield, the main cause is likely due to the compromise of the governance private key, allowing the hacker full control over the system.
The attacker has withdrawn assets from several vaults such as JLP, SOL, and BTC staking, with 41.7 million JLP (~155 million USD) being withdrawn in just one transaction.
Notably, the hacker's wallet was created 8 days before the attack and had conducted trial transactions, indicating this was a multi-stage preparation plan.
After being compromised, the assets were converted to USDC, then bridged to Ethereum and exchanged for ETH to cover the traces.
This event once again warns that in DeFi, just one weak access point can lead to the entire system being exploited in a very short time.
