
Ethical Hacking News

North Korea's Digital Shadow: A $285M Heist that Exposes Sophistication and Deception



In a shocking $285M heist, North Korea-linked hackers drain Drift Protocol in a sophisticated cyber warfare operation. The attack showcases the group's cunning and technological prowess, with lingering implications for the cryptocurrency industry and global security.

  • North Korean hackers have drained $285 million from Drift Protocol, a Solana-based decentralized exchange.
  • This is the 18th crypto theft this year, with over $300 million stolen.
  • The attack showcases North Korea's cunning and technological prowess.
  • Elliptic has identified indicators suggesting the attack is linked to North Korea.
  • The hackers used durable nonce accounts and compromised multisig approvals to gain control.
  • The incident highlights the growing threat posed by North Korean hackers and their sophisticated cyber warfare capabilities.



    North Korea, a nation known for its opaque and secretive nature, has once again made headlines for its nefarious activities in the realm of cyber warfare. According to recent reports, hackers linked to North Korea have successfully drained an astonishing $285 million from Drift, a Solana-based decentralized exchange, in a highly sophisticated attack that showcases the group's cunning and technological prowess.

    This latest incident is not the first time North Korea has been implicated in a significant cryptocurrency heist. In fact, it marks the 18th such incident this year alone, with over $300 million stolen. The attacks are often linked to funding weapons programs, as suggested by blockchain cybersecurity firm Elliptic, which has identified multiple indicators suggesting that the Drift exploit is indeed connected to North Korea.

    The attack on Drift Protocol unfolded with remarkable speed and precision, with attackers draining most funds within an hour after allegedly compromising admin private keys. The hackers targeted key vaults, stealing assets including $155 million in JLP tokens and other cryptocurrencies. Drift's total value locked (TVL) dropped from $550 million to under $250 million, making it the largest DeFi hack of 2026 thus far.

    What makes this attack particularly noteworthy is the level of sophistication employed by the hackers. They prepared for the operation days in advance, setting up wallets and testing transactions before draining funds from multiple vaults within seconds and laundering them across wallets. This painstaking preparation allowed them to evade detection and ultimately gain control over Drift's Security Council administrative powers.

    The attackers' use of durable nonce accounts was a key factor in their success. Transactions pre-signed against these accounts could be held and executed later, which gave the attackers a window of opportunity to take control. They also compromised multisig approvals, which enabled that delayed execution and ultimately gave them admin control over the platform.
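
A check a multisig signer could run before approving a proposal, given the durable-nonce technique described above. This is an added example, not code from Drift, Elliptic or the cited reports. It assumes the message is in the shape of Solana's JSON-RPC `json` encoding with legacy (static) account keys; the function names, sample keys and allowlist policy are hypothetical.

```python
# Added example: flag durable-nonce transactions before a multisig signer approves.
# Function names, sample keys and the allowlist policy are hypothetical.
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
SYSTEM_PROGRAM = "11111111111111111111111111111111"
ADVANCE_NONCE = 4  # SystemInstruction::AdvanceNonceAccount, encoded as u32 little-endian

def b58decode(s):
    """Decode a base58 string (the encoding RPC uses for instruction data)."""
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + body

def durable_nonce_info(message):
    """Return nonce details if the message is a durable-nonce transaction, else None.

    The runtime treats a transaction as durable-nonce only when its FIRST
    instruction is the System Program's AdvanceNonceAccount.
    """
    ixs, keys = message.get("instructions") or [], message["accountKeys"]
    if not ixs or keys[ixs[0]["programIdIndex"]] != SYSTEM_PROGRAM:
        return None
    data, accts = b58decode(ixs[0]["data"]), ixs[0]["accounts"]
    if len(data) < 4 or int.from_bytes(data[:4], "little") != ADVANCE_NONCE or len(accts) < 3:
        return None
    # AdvanceNonceAccount accounts: [nonce account, RecentBlockhashes sysvar, nonce authority]
    return {"nonce_account": keys[accts[0]], "nonce_authority": keys[accts[2]],
            "stored_nonce": message["recentBlockhash"]}

def nonce_check(message, trusted_nonce_authorities):
    """'pass' for ordinary transactions; 'hold' for durable-nonce ones whose nonce
    authority is not allowlisted (the signature stays valid until the nonce advances)."""
    info = durable_nonce_info(message)
    if info is None or info["nonce_authority"] in trusted_nonce_authorities:
        return "pass"
    return "hold"

# Constructed sample messages (placeholder keys, not data from the incident).
NONCE_TX = {
    "accountKeys": ["FEE_PAYER", "NONCE_ACCT", "NONCE_AUTH",
                    "SysvarRecentB1ockHashes11111111111111111111",
                    SYSTEM_PROGRAM, "ADMIN_PROGRAM"],
    "recentBlockhash": "STORED_NONCE_VALUE",
    "instructions": [{"programIdIndex": 4, "accounts": [1, 3, 2], "data": "6vx8P"},
                     {"programIdIndex": 5, "accounts": [0], "data": "1"}],
}
# Same instructions in reverse order: the advance is no longer first, so not durable-nonce.
NORMAL_TX = dict(NONCE_TX, instructions=NONCE_TX["instructions"][::-1])
```
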

    Elliptic's report highlights that the attack on Drift Protocol is likely linked to North Korea due to several indicators, including the laundering methods used by the attackers. The firm notes that such attacks are often tied to funding weapons programs, with over $6.5 billion stolen in recent years.

    The incident serves as a stark reminder of the growing threat posed by North Korean hackers and their sophisticated cyber warfare capabilities. As cybersecurity experts and organizations continue to work together to track down and freeze the stolen assets, it is clear that this attack will have significant repercussions for the cryptocurrency industry and global security landscape.

    As we move forward, it is essential that the international community takes a unified stance against these threats and works towards developing more effective strategies to combat North Korea's digital activities. The ongoing cat-and-mouse game between cyber attackers and defenders must continue, with vigilance and cooperation being the keys to staying one step ahead of these sophisticated adversaries.

    In the wake of this incident, it is crucial that we remain vigilant and take steps to prevent similar attacks in the future. As technology continues to advance at an unprecedented rate, so too do the tactics employed by malicious actors. The stakes have never been higher, and it is our collective responsibility to ensure that those responsible for such egregious acts are held accountable.

    Summary:
    In a shocking turn of events, hackers linked to North Korea have drained $285 million from Drift, a Solana-based decentralized exchange, in a highly sophisticated attack. The incident marks the 18th crypto theft this year, with over $300 million stolen, and highlights the group's cunning and technological prowess. As cybersecurity experts work together to track down and freeze the stolen assets, it is clear that this attack will have significant repercussions for the cryptocurrency industry and global security landscape.






    Related Information:
  • https://www.ethicalhackingnews.com/articles/North-Koreas-Digital-Shadow-A-285M-Heist-that-Exposes-Sophistication-and-Deception-ehn.shtml

  • https://securityaffairs.com/190330/hacking/north-korea-linked-hackers-drain-285m-from-drift-in-sophisticated-attack.html

  • https://thehackernews.com/2026/04/drift-loses-285-million-in-durable.html

  • https://www.cryptotimes.io/2026/04/03/285m-gone-in-12-minutes-how-a-fake-token-and-stolen-keys-gutted-drift-protocol/


  • Published: Fri Apr 3 11:08:57 2026 by llama3.2 3B Q4_K_M












