{"id":78969,"date":"2026-04-03T12:46:31","date_gmt":"2026-04-03T12:46:31","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=78969"},"modified":"2026-04-03T12:46:31","modified_gmt":"2026-04-03T12:46:31","slug":"is-your-crypto-funding-pyonyang-inside-solana-based-drift-protocol-286-million-exploit","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=78969","title":{"rendered":"Is Your Crypto Funding Pyonyang? Inside Solana-Based Drift Protocol $286 Million Exploit"},"content":{"rendered":"
\n

Blockchain analytics firm Elliptic says the $286 million exploit of Solana-based Drift Protocol is most likely linked to the Democratic People\u2019s Republic of Korea (DPRK).<\/p>\n

Solana Suffered One Of The Largest Crypto Exploits In History<\/h2>\n

On April 1st, the DEX Drift Protocol suffered a major exploit that drained almost $300 million dollars in crypto assets from its core vaults. The exchange reported on it on its official X account as it was still undergoing:<\/p>\n

\n

Drift Protocol is experiencing an active attack. Deposits and withdrawals have been suspended. We are coordinating with multiple security firms, bridges, and exchanges to contain the incident. This is not an April Fools joke. We\u2019ll provide additional updates from this account as\u2026 https:\/\/t.co\/03SRPq4fHj<\/a><\/p>\n

\u2014 Drift (@DriftProtocol) April 1, 2026<\/a><\/p>\n<\/blockquote>\n

The raid unfolded in under 20 minutes, with roughly $286 million siphoned off across a basket of assets from close to 20 vaults. Drift is the largest decentralized perpetual futures exchange on Solana. This is the biggest crypto exploit seen so far in 2026 and ranks among the largest on record, edging out the $235 million WazirX breach.<\/p>\n

Drift\u2019s total value lock (TVL) collapsed from roughly $550 million to under $250 million after the attack. The team\u2019s emergency response consisted of pausing deposits and withdrawals and coordinating with security firms and exchanges.<\/p>\n

The protocol shared the details of the incident later on, claiming it was a \u201ca highly sophisticated operation that appears to have involved multi-week preparation and staged execution\u201d. Beyond that, the exchange\u2019s official channels refrained from attributing responsibilities.<\/p>\n

\n

Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift\u2019s Security Council administrative powers.<\/p>\n

This was a highly sophisticated operation that appears to have involved\u2026<\/p>\n

\u2014 Drift (@DriftProtocol) April 2, 2026<\/a><\/p>\n<\/blockquote>\n

Now, the analytics firm Elliptic has released an investigation<\/a> claiming the on\u2011chain behavior, laundering methods, and network\u2011level indicators match the techniques seen in prior DPRK\u2011linked operations, making this not just another DeFi rug, but a suspected state\u2011sponsored attack.<\/p>\n

The North Korean Hackers Strike Again<\/p>\n

Ledger CTO Charles Guillement also linked Drift\u2019s attack method to Bybit\u2019s $1.4 billion hack, which was attributed to North Korean hacking groups. NewsBTC\u2019s sister website Bitcoinist reported on this yesterday.<\/a><\/p>\n

\n

Drift Protocol, one of the leading perpetual DEXs on Solana, has been hacked for approximately $213M. This makes it the biggest hack of 2026 so far, and one of the largest ever on the Solana blockchain, right behind the Wormhole Bridge exploit of 2022.<\/p>\n

The full details of the\u2026<\/p>\n

\u2014 Charles Guillemet (@P3b7_) April 2, 2026<\/a><\/p>\n<\/blockquote>\n

According to Elliptic, the attacker likely compromised Drift\u2019s administrator private keys, gaining privileged control over withdrawals and key parameters. The attack systematically drained three main vaults: JLP Delta Neutral, SOL Super Staking and BTC Super Staking, including a single $41.7 million JLP transfer worth about $155 million.<\/p>\n

Elliptic traced the stolen funds and concluded that the attacker created the wallet roughly eight days before the exploit and even received a small test transfer from a Drift vault. This suggests a pre\u2011planned, staged operation rather than a smash\u2011and\u2011grab.<\/p>\n

\"Solana,<\/p>\n

After the exploit was completed, the attacker used Jupiter, a Solana DEX aggregator, to swap the stolen tokens into USDC, bridged funds to Ethereum, and then rotated into ETH and other assets across multiple wallets.<\/p>\n

Such cross\u2011chain laundering patterns, obfuscation methods, and network\u2011level indicators match techniques seen in prior DPRK\u2011attributed attacks, Elliptic claims. If officially confirmed, this would be the 18th such operation with over $300 million stolen already.<\/p>\n

Confirmed or not, there is no denying that state\u2011linked actors are systematically targeting liquidity\u2011rich crypto protocols to fund North Korea\u2019s weapons programs. Let\u2019s not forget that the North Korea\u2011affiliated Lazarus Group<\/a>\u00a0has funneled billions of dollars in stolen money through cryptocurrency networks.<\/p>\n

Elliptic has already clustered all attacker\u2011linked token accounts on Solana and Ethereum so exchanges and protocols can screen against contaminated funds in near real time.<\/p>\n

The hack will likely harden scrutiny of Solana DeFi governance, admin key design, and multisig security, even as the ecosystem continues to chase institutional\u2011grade perps liquidity.<\/p>\n

\"Solana,<\/p>\n

Cover image from Perplexity. SOLUSD chart from Tradingview.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

Blockchain analytics firm Elliptic says the $286 million exploit of Solana-based Drift Protocol is most likely linked to the Democratic People\u2019s Republic of Korea (DPRK). Solana Suffered One Of The Largest Crypto Exploits In History On April 1st, the DEX Drift Protocol suffered a major exploit that drained almost $300 million dollars in crypto assets […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-78969","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/78969","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=78969"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/78969\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=78969"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=78969"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=78969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}