Major Breach at Drift Protocol: US$280 Million Vanishes in Suspected North Korean Attack
On April 1, Drift Protocol, the prominent decentralised perpetual futures exchange operating on the Solana network, was the target of a significant security breach, resulting in a staggering loss of approximately US$280 million (AU$400 million). The attackers exploited a unique feature of Solana known as the durable nonce, allowing them to pre-authorise malicious transactions weeks prior to the attack. This enabled them to seize control of the security council and drain three of the protocol’s vaults.
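A signer-side check for the durable-nonce mechanism described above, as an added example that is not code from Drift, Elliptic or this article. It relies on Solana's documented rule that a durable-nonce transaction starts with the System Program's AdvanceNonceAccount instruction and carries the stored nonce in place of a recent blockhash; the message layout, function names and policy labels are assumptions made for illustration.

```python
import struct

SYSTEM_PROGRAM_ID = "11111111111111111111111111111111"
ADVANCE_NONCE_ACCOUNT = 4  # SystemInstruction variant index, u32 little-endian


def durable_nonce_info(message):
    """Return nonce details if `message` is a durable-nonce transaction, else None.

    Assumed (hypothetical) layout: {"recent_blockhash": str, "instructions":
    [{"program_id": str, "accounts": [str, ...], "data": bytes}, ...]}.
    """
    instructions = message.get("instructions") or []
    if not instructions:
        return None
    first = instructions[0]  # only the first instruction marks a nonce transaction
    data, accounts = first["data"], first["accounts"]
    if first["program_id"] != SYSTEM_PROGRAM_ID or len(data) < 4 or len(accounts) < 3:
        return None
    if struct.unpack_from("<I", data)[0] != ADVANCE_NONCE_ACCOUNT:
        return None
    # Accounts: [nonce account, RecentBlockhashes sysvar, nonce authority]
    return {"nonce_account": accounts[0], "nonce_authority": accounts[2],
            "nonce_value": message["recent_blockhash"]}


def review_before_signing(message, approved_nonce_accounts=frozenset()):
    """Signer-side policy: durable-nonce requests need explicit approval."""
    info = durable_nonce_info(message)
    if info is None:
        return "ok"       # ordinary recent blockhash: signature expires with it
    if info["nonce_account"] in approved_nonce_accounts:
        return "review"   # known nonce account, valid until the nonce advances
    return "block"        # unknown nonce account: signature would not expire


# Constructed sample messages (placeholder account names, not real addresses).
NONCE_IX = {"program_id": SYSTEM_PROGRAM_ID,
            "accounts": ["NONCE_ACCOUNT_A", "SYSVAR_RECENT_BLOCKHASHES", "AUTHORITY_A"],
            "data": struct.pack("<I", ADVANCE_NONCE_ACCOUNT)}
TRANSFER_IX = {"program_id": SYSTEM_PROGRAM_ID,
               "accounts": ["PAYER", "RECIPIENT"],
               "data": struct.pack("<IQ", 2, 1_000)}  # Transfer, 1000 lamports
DURABLE_TX = {"recent_blockhash": "STORED_NONCE_VALUE", "instructions": [NONCE_IX, TRANSFER_IX]}
NORMAL_TX = {"recent_blockhash": "RECENT_BLOCKHASH", "instructions": [TRANSFER_IX]}

if __name__ == "__main__":
    for name, tx in (("durable", DURABLE_TX), ("normal", NORMAL_TX)):
        print(name, review_before_signing(tx), durable_nonce_info(tx))
```

A council or multisig signing tool can run a check like this on every request, so that a signature that will not expire is never given without someone noticing.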
Overview of the Attack
Elliptic, a blockchain analytics firm, has characterised this operation as a suspected attack orchestrated by North Korean state-backed actors. Before the hack, Drift Protocol boasted a total value locked (TVL) of about US$550 million (AU$843 million), a figure which plummeted to below US$250 million (AU$383 million) within mere hours following the exploit.
The breach involved the extraction of approximately 41.7 million JLP tokens, valued at around US$155 million, which were subsequently converted into USDC and then moved to the Ethereum blockchain. The repercussions were felt across the market, with SOL’s spot price plummeting nearly 9% to roughly US$78.60 (AU$120.40). This incident marks one of the largest exploits in Solana’s history, second only to the 2022 Wormhole bridge attack, which had resulted in a loss of US$326 million (AU$499 million).
Acknowledging the Breach
Drift Protocol was quick to address the situation publicly, cautioning users against depositing funds during their investigation. In a public statement, the protocol highlighted the unusual activity and assured users that their concerns were taken seriously, emphasising that this was “not an April Fools’ joke.”
Insights from Blockchain Analytics
Elliptic’s analysis noted that the transaction patterns and methods used for laundering the stolen funds were consistent with prior North Korean operations. They estimated that the total losses could reach US$286 million (AU$415 million) and identified this incident as the 18th suspected DPRK-linked crypto attack in 2026. Year-to-date, these groups have been responsible for over US$300 million (AU$435 million) in theft.
In 2025 alone, North Korean-linked actions resulted in the theft of around US$2 billion (AU$2.9 billion) in cryptocurrency, accounting for approximately 60% of the total global theft in the sector that year. Cumulatively, such operations have surpassed US$6.5 billion (AU$9.43 billion), with the U.S. government alleging these funds are linked to the country’s weapons development programmes.
Context and Significance
The Drift Protocol exploit stands as one of the most severe breaches in the decentralised finance (DeFi) space, alongside the notable US$1.5 billion (AU$2.18 billion) hack of Bybit in 2025. It highlights the increasing vulnerability within the crypto ecosystem, particularly as malicious actors become more sophisticated in their approaches.
As the industry strives for greater security measures, the implications of such attacks resonate throughout the cryptocurrency market and beyond, prompting calls for enhanced regulatory frameworks and protective standards.
In summary, the Drift Protocol incident underscores both the risks involved in the rapidly evolving landscape of digital finance and the necessity for vigilance among users and operators alike. As investigations continue, the crypto community remains watchful for the evolving implications of this high-profile breach.