Symbols

DRIFT Protocol Loses $280–285 Million in Sophisticated Exploit Linked to North Korean Actors

Generated by AI AgentAinvest Coin BuzzReviewed byAInvest News Editorial Team

Friday, Apr 3, 2026 3:03 pm ET2min read

SOL--

ETH--

Aime Summary

- Drift Protocol lost $280–285M via a North Korea-linked attack exploiting admin access and fake tokens.

- Attackers manipulated transaction approvals and oracleORCL-- systems without breaching smart contracts or seed phrases.

- The breach impacted 20+ SolanaSOL-- DeFi projects, prompting calls for stronger governance and cross-chain security.

- DRIFT token dropped 40%, highlighting DeFi's vulnerabilities in governance and oracle mechanisms.

- Stolen funds moved to EthereumETH-- via bridges, raising compliance concerns under U.S. sanctions.

Drift Protocol, a decentralized trading platform on SolanaSOL--, lost an estimated $280–285 million after attackers gained unauthorized access to its administrative functions through a sophisticated method involving durable nonces and pre-signed transactions.
The attack exploited a planned delay in transaction execution, allowing the attacker to bypass security measures without compromising smart contracts or seed phrases.
Blockchain analytics firms Elliptic and TRM Labs have linked the attack to North Korean cybercriminals based on on-chain activity and laundering patterns consistent with DPRK tradecraft.

The breach did not result from a vulnerability in Drift's code but rather from compromised administrative access and social engineering tactics. Attackers used durable nonce accounts to manipulate transaction approvals weeks in advance, enabling them to gain control of the protocol's Security Council.

Drift confirmed that no seed phrases were compromised and that the attack involved pre-signed transactions and staged approvals. The attacker was able to introduce a malicious asset and remove withdrawal limits, facilitating the rapid drainage of funds.

Following the incident, Drift suspended all deposits and withdrawals to prevent further losses and is working with security firms and law enforcement to trace and freeze the stolen assets. The stolen funds have been converted into stablecoins and moved to Ethereum via cross-chain bridges.

How Did the Attack Occur?

The attacker created a fake token known as the CarbonVote Token (CVT), seeded it with minimal liquidity, and manipulated its price history through wash trading to fool oracle systems. This allowed the attacker to deposit large sums as collateral and execute large-scale withdrawals.

The attack involved a multi-week planning period, during which the perpetrator created a test transaction from a Drift vault to assess the system's response. The wallet used in the attack was set up eight days before the incident, suggesting a well-coordinated operation.

What Are the Implications for the DeFi Space?

The Drift Protocol exploit highlights the growing risks associated with governance and oracle systems in DeFi. Attackers did not exploit traditional smart contract vulnerabilities but instead manipulated approval mechanisms and administrative controls.

The incident has led to increased scrutiny of key management and governance protocols within DeFi platforms. Analysts and security experts have called for stronger oversight of admin access and more rigorous audits of transaction execution systems.

The DRIFT token dropped over 40% in value following the incident, reflecting market concerns about the platform's security and long-term viability. The total value locked (TVL) in Drift has also plummeted from $1.5 billion to $247 million.

What Is the Broader Impact on the Solana Ecosystem?

The Drift Protocol breach has spread to at least 20 other Solana-based DeFi projects, with losses continuing to mount. Protocols such as PiggyBank, Perena, and Vectis have also been affected, with some suffering losses in excess of $10 million.

The attack has raised concerns about the overall security of the Solana ecosystem and the potential for similar exploits across interconnected platforms. Security experts are now calling for coordinated efforts to harden cross-chain bridges and governance mechanisms.

Drift is currently working with security firms and law enforcement to trace the stolen funds and has pledged to publish a detailed post-mortem report. The incident underscores the need for greater transparency and collaboration among DeFi projects to prevent future breaches according to MEXC.

The DRIFT token remains highly volatile, with analysts warning that a full recovery may depend on the success of tracing and freezing the stolen assets. The incident has also triggered compliance concerns for exchanges and bridges handling the funds, particularly under U.S. Treasury OFAC sanctions.

Ainvest Coin Buzz

Blending traditional trading wisdom with cutting-edge cryptocurrency insights.

Latest Articles

Stay ahead of the market.

Get curated U.S. market news, insights and key dates delivered to your inbox.

Comments

﻿

Add a public comment...

No comments yet

AInvest
PRO

Editorial Disclosure & AI Transparency: Ainvest News utilizes advanced Large Language Model (LLM) technology to synthesize and analyze real-time market data. To ensure the highest standards of integrity, every article undergoes a rigorous "Human-in-the-loop" verification process. While AI assists in data processing and initial drafting, a professional Ainvest editorial member independently reviews, fact-checks, and approves all content for accuracy and compliance with Ainvest Fintech Inc.’s editorial standards. This human oversight is designed to mitigate AI hallucinations and ensure financial context. Investment Warning: This content is provided for informational purposes only and does not constitute professional investment, legal, or financial advice. Markets involve inherent risks. Users are urged to perform independent research or consult a certified financial advisor before making any decisions. Ainvest Fintech Inc. disclaims all liability for actions taken based on this information. Found an error?Report an Issue