Is North Korea Behind the Drift Protocol Hack? Here’s What the Data Shows

2 hours ago 8

Blockchain analytics firm Elliptic’s latest analysis suggested that actors linked to the Democratic People’s Republic of Korea (DPRK) may be behind the Drift Protocol hack.

The report highlighted that the hacker zeroed in on three primary vaults. This included the JLP Delta Neutral, SOL Super Staking, and BTC Super Staking.

Notably, the wallet used in the attack had been set up approximately eight days prior to the incident. It also received a minor test transaction from a Drift vault, pointing to a methodically planned operation.

Critical information of parties related to the exploit have been identified. Drift is now sending an on-chain message from 0x0934faC45f2883dd5906d09aCfFdb5D18aAdC105 to the ETH Wallets that holds the stolen funds.

Wallet 1: 0xAa843eD65C1f061F111B5289169731351c5e57C1 (Timestamp…

— Drift (@DriftProtocol) April 3, 2026

Stolen assets were then swapped into USDC and bridged cross-chain from Solana to Ethereum.

“The on-chain behavior, laundering methodologies, and network-level indicators associated with the attack are consistent with techniques observed in previous DPRK-attributed operations,” the report read.

TRM Labs’ investigation also pointed to North Korean hackers. It flagged multiple signals that aligned with tactics commonly associated with North Korean operations.

“The use of Tornado Cash for initial staging, the deployment timing of the CarbonVote token at 09:30 Pyongyang time, the cross-chain bridging patterns, and the speed and scale of post-hack laundering — all of which align closely with techniques observed in prior DPRK-attributed hacks, including the Bybit exploit of 2025.”

The April 1 attack on the Solana (SOL)-based perpetual futures platform ranks as the largest Decentralized Finance (DeFi) hack of 2026. The fallout continues to spread, with reports that the number of affected projects has now jumped to 20.

Follow us on X to get the latest news as it happens

🚨New: @DriftProtocol exposure tracker updated with more Solana projects confirming impact from the $285M exploit. pic.twitter.com/DFhttYeadF

— SolanaFloor (@SolanaFloor) April 2, 2026

If confirmed, this incident would mark the 18th DPRK-linked act Elliptic has tracked in 2026, pushing the year’s total losses beyond $300 million. These actors have reportedly stolen over $6.5 billion in crypto assets in recent years, according to Elliptic.

A Chainalysis report found that North Korean hackers stole a record $2.02 billion in 2025 alone, a 51% year-over-year increase driven largely by the $1.5 billion Bybit breach.

The post Is North Korea Behind the Drift Protocol Hack? Here’s What the Data Shows appeared first on BeInCrypto.

Read Entire Article