

Ethical Hacking News

North Korean Hackers Seize $280 Million from Drift Protocol in Sophisticated Attack


North Korean hackers have carried out a sophisticated attack on DeFi trading platform Drift Protocol, resulting in a loss of at least $280 million. The attackers used durable nonce accounts and pre-signed transactions to execute malicious transactions, highlighting the importance of robust security measures in the cryptocurrency space.

  • Drift Protocol, a DeFi trading platform on Solana blockchain, suffered a $280 million loss due to a North Korean hacking attack.
  • The attackers took control of Drift's Security Council administrative powers, allowing them to execute malicious transactions.
  • The hackers used durable nonce accounts and pre-signed transactions to delay execution and strike with accuracy at chosen times.
  • No seed phrases were compromised, and the hacker did not exploit any flaws in Drift Protocol's programs or smart contracts.
  • Protocol functions are currently frozen due to unusual activity on the platform, affecting borrow/lend deposits, vault deposits, and trading funds.
  • Drift Protocol is working with security firms, exchanges, and law enforcement to trace and freeze stolen funds.
  • The attack highlights the importance of robust security measures in the cryptocurrency space and of international cooperation in combating cybercrime.



    Drift Protocol, a DeFi trading platform built on the Solana blockchain, has suffered a significant loss of at least $280 million due to a sophisticated attack by North Korean hackers. The attack, which was carried out between March 23 and 30, involved the threat actor taking control of Drift's Security Council administrative powers in order to execute malicious transactions.

    The attackers, whose activity blockchain intelligence firms Elliptic and TRM Labs linked to North Korea, used durable nonce accounts and pre-signed transactions to delay execution and strike with accuracy at a chosen time. This allowed them to pre-sign malicious transactions that weren't executed immediately, ultimately leading to the transfer of admin control to themselves within minutes.

    According to Drift Protocol, the heist was prepared between March 23 and 30, with the attacker setting up durable nonce accounts and obtaining 2/5 multisig approvals from Security Council members to meet the required threshold. The platform claimed that no seed phrases were compromised and that the hacker did not exploit any flaws in its programs or smart contracts.
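    A signer-side check for the technique described above, added here as an example and not taken from the article or from Drift: on Solana, a durable-nonce transaction is recognizable because its first instruction is the System Program's AdvanceNonceAccount. The parser assumes the legacy message wire format; the sample messages and keys are constructed placeholders.

```python
import struct

SYSTEM_PROGRAM = bytes(32)      # System Program id is 32 zero bytes
ADVANCE_NONCE_ACCOUNT = 4       # index in the SystemInstruction enum

def _shortvec(buf, pos):
    """Decode a compact-u16 length prefix; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def durable_nonce_account(message: bytes):
    """Return the nonce account key if the first instruction is System
    AdvanceNonceAccount (a durable-nonce transaction), otherwise None."""
    if message[0] & 0x80:
        raise ValueError("versioned message: only legacy format handled here")
    nkeys, pos = _shortvec(message, 3)              # skip the 3-byte header
    keys = [message[pos + 32 * i: pos + 32 * (i + 1)] for i in range(nkeys)]
    pos += 32 * nkeys + 32                          # keys, then blockhash/nonce field
    ninstr, pos = _shortvec(message, pos)
    if ninstr == 0:
        return None
    program_idx = message[pos]
    nacc, pos = _shortvec(message, pos + 1)
    accounts = message[pos:pos + nacc]
    dlen, pos = _shortvec(message, pos + nacc)
    data = message[pos:pos + dlen]
    is_advance = (program_idx < nkeys and keys[program_idx] == SYSTEM_PROGRAM
                  and dlen >= 4
                  and struct.unpack_from("<I", data)[0] == ADVANCE_NONCE_ACCOUNT)
    if is_advance and nacc >= 1 and accounts[0] < nkeys:
        return keys[accounts[0]]
    return None

def _ix(program_idx, accounts, data):
    """Serialize one instruction (constructed samples; all lengths < 128)."""
    return bytes([program_idx, len(accounts), *accounts, len(data)]) + data

# Constructed sample messages (placeholder keys, not real addresses).
PAYER, NONCE, SYSVAR, TARGET = (bytes([n]) * 32 for n in (1, 2, 3, 9))
DURABLE = (bytes([1, 0, 3, 5]) + PAYER + NONCE + SYSVAR + SYSTEM_PROGRAM + TARGET
           + bytes([7]) * 32 + bytes([2])
           + _ix(3, [1, 2, 0], struct.pack("<I", ADVANCE_NONCE_ACCOUNT))
           + _ix(4, [0], b"\x00"))
ORDINARY = (bytes([1, 0, 1, 3]) + PAYER + NONCE + SYSTEM_PROGRAM + bytes([7]) * 32
            + bytes([1]) + _ix(2, [0, 1], struct.pack("<IQ", 2, 1000)))
```

    A non-None result means the signature being requested stays valid until the nonce account is advanced rather than lapsing with the recent blockhash, so a multisig member can treat it as a standing approval and review it accordingly.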

    The attack had significant consequences for Drift Protocol, with all protocol functions currently frozen due to unusual activity on the platform. Borrow/lend deposits, vault deposits, and trading funds have been affected, and users are being urged not to deposit any funds until further notice.

    Drift Protocol has announced that it is working closely with security firms, cryptocurrency exchanges, and law enforcement authorities to trace and freeze the stolen funds. The platform has also promised to publish a detailed post-mortem report in the coming days, providing insight into the attack and lessons learned from the incident.

    The loss of $280 million represents a significant blow to Drift Protocol, which had claimed to have 200,000 traders supporting total trading volumes of over $55 billion. The platform's ability to withstand such a large-scale attack highlights the importance of robust security measures in the cryptocurrency space.

    In light of this attack, it is clear that cybersecurity threats are becoming increasingly sophisticated and targeted. North Korean hackers have been linked to several high-profile attacks in recent years, including the Bybit hack and the compromise of Claude's source code.

    As the DeFi industry continues to grow, it is essential that platforms like Drift Protocol prioritize security and implement robust measures to protect user funds. The recent attack serves as a stark reminder of the importance of cybersecurity awareness and the need for constant vigilance in the face of evolving threats.

    The incident also highlights the importance of international cooperation in combatting cybercrime. Collaboration between law enforcement agencies, security firms, and cryptocurrency exchanges is crucial in tracing and freezing stolen funds and bringing perpetrators to justice.

    In conclusion, the attack on Drift Protocol serves as a wake-up call for the DeFi industry, emphasizing the need for robust security measures and international cooperation in combating cybersecurity threats. As the industry continues to evolve, it is essential that platforms prioritize security and work together to protect user funds and prevent similar attacks from occurring in the future.





  • Published: Fri Apr 3 01:00:37 2026 by llama3.2 3B Q4_K_M












