On April 1, 2026, there was a serious security breach at Drift Protocol, the biggest decentralized futures exchange on the Solana network. Hackers stole about $286 million from a number of digital assets. Elliptic, a company that protects blockchains, says that North Korean hackers are to blame and that their actions are similar to those of the Democratic People's Republic of Korea (DPRK) in the past.
The attackers' actions and money-laundering techniques are very similar to those used in previous cyber attacks by the DPRK. This hack is one of the biggest in DeFi history and is currently the second biggest on Solana, after a $326 million attack on the Wormhole bridge in 2022. The biggest theft was the transfer of 41.7 million JLP tokens, which were worth about $155 million at the time.
After emptying the main vaults, the attacker quickly hid the stolen tokens by moving them to a Solana-based exchange service and then quickly changing them into USDC. The attacker carefully planned this robbery, making their digital wallet eight days before the main attack and even getting a small test transfer during that time. The network splits each user's tokens into separate accounts, which makes sure that stolen assets are spread out over many addresses.
Security companies use advanced tracking methods to connect these separate accounts to the main criminal.
