Hackers Drain $286 Million From Drift Protocol in Suspected North Korea-Linked Exploit

On April 1, 2026, a huge theft happened on the largest decentralized perpetual futures exchange on the Solana blockchain This article explores korea stolen billion. . In less than an hour, unknown hackers stole $286 million worth of digital assets from its main liquidity vaults.

Elliptic analysts found several on-chain signs that strongly point to the attack coming from people connected to North Korea's Democratic People's Republic of Korea (DPRK). If this link is confirmed, it would mean that the DPRK has stolen $300 million worth of cryptocurrency in 2026 alone, making it the 18th time this has happened. Reports say that people linked to North Korea have stolen more than $6.5 billion worth of cryptocurrency over the past few years. The U.S. government says that these thefts are directly linked to North Korea's efforts to fund its weapons programs.

The event was carefully planned and carried out with amazing speed and accuracy.

The quick execution of the theft showed that the attackers had plenty of time to plan their attack. They methodically emptied three main vaults, which caused a lot of problems in the decentralized finance ecosystem. The biggest single transaction involved moving about 41.7 million JLP tokens, which were worth about $155 million at the time of the theft.

DefiLlama data shows that Drift's total value locked (TVL) dropped a lot after the event, from about $550 million to less than $250 million. They immediately stopped all deposits and withdrawals while they worked with different security companies, cross-chain bridge providers, and cryptocurrency exchanges to limit the damage.

So far, this is the biggest DeFi hack of 2026 and the second-biggest security breach in the SolANA ecosystem. The only bigger one was the $326 million Wormhole bridge exploit in 2022. These events show that North Korean agents want to attack crypto infrastructure on a large scale.

The Drift exploit is part of a bigger attack on the cryptocurrency sector by DPRK-linked hackers. The attacker's wallet was set up eight days before the exploit, and during that time, it got a test transfer from a Drift vault.

The event was carefully planned and carried out with amazing speed and accuracy.

Hackers Drain $286 Million From Drift Protocol in Suspected North Korea-Linked Exploit

Trending News

Trojanized PyPI AI Proxy Steals Data With Stolen Claude Prompt

Trojanized PyPI AI Proxy Steals Data With Stolen Claude Prompt

Threat Actors Weaponize Browser-Based Zoom and Teams Lures

Threat Actors Weaponize Browser-Based Zoom and Teams Lures

Threat Actors Deploy New BPFDoor Variants With Stealthier C2 Tactics

Threat Actors Deploy New BPFDoor Variants With Stealthier C2 Tactics

Storm-1175 Deploys Medusa Ransomware at 'High Velocity'

Storm-1175 Deploys Medusa Ransomware at 'High Velocity'

Shadow AI in Healthcare Is Here to Stay

Shadow AI in Healthcare Is Here to Stay

RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever

RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

OWASP GenAI Security Project Gets Update, New Tools Matrix

OWASP GenAI Security Project Gets Update, New Tools Matrix

North Korean IT Worker Unmasked After Refusing to Insult Kim Jong Un in Job Interview

North Korean IT Worker Unmasked After Refusing to Insult Kim Jong Un in Job Interview

New GitHub Actions Attack Chain Uses Fake CI Updates to Exfiltrate Secrets and Tokens

New GitHub Actions Attack Chain Uses Fake CI Updates to Exfiltrate Secrets and Tokens

Hackers Drain $286 Million From Drift Protocol in Suspected North Korea-Linked Exploit

Trending News

Trojanized PyPI AI Proxy Steals Data With Stolen Claude Prompt

Trojanized PyPI AI Proxy Steals Data With Stolen Claude Prompt

Threat Actors Weaponize Browser-Based Zoom and Teams Lures

Threat Actors Weaponize Browser-Based Zoom and Teams Lures

Threat Actors Deploy New BPFDoor Variants With Stealthier C2 Tactics

Threat Actors Deploy New BPFDoor Variants With Stealthier C2 Tactics

Storm-1175 Deploys Medusa Ransomware at 'High Velocity'

Storm-1175 Deploys Medusa Ransomware at 'High Velocity'

Shadow AI in Healthcare Is Here to Stay

Shadow AI in Healthcare Is Here to Stay

RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever

RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

OWASP GenAI Security Project Gets Update, New Tools Matrix

OWASP GenAI Security Project Gets Update, New Tools Matrix

North Korean IT Worker Unmasked After Refusing to Insult Kim Jong Un in Job Interview

North Korean IT Worker Unmasked After Refusing to Insult Kim Jong Un in Job Interview

New GitHub Actions Attack Chain Uses Fake CI Updates to Exfiltrate Secrets and Tokens

New GitHub Actions Attack Chain Uses Fake CI Updates to Exfiltrate Secrets and Tokens