Drift Protocol, the largest decentralized perpetual futures exchange on the Solana blockchain, experienced a major security incident on April 1, 2026, with Elliptic calculating that the combined value of assets stolen in this exploit was $286 million. The on-chain behavior, laundering methodologies and network-level indicators associated with the attack are consistent with techniques observed in previous DPRK-attributed operations, marking this as the eighteenth DPRK act tracked this year with over $300 million stolen so far to fund weapons programs. According to DefiLlama, Drift's total value locked (TVL) collapsed from approximately $550 million to under $250 million following the attack, making it the largest DeFi hack of 2026 to date and the second-largest security incident in the Solana ecosystem after the $326 million Wormhole bridge exploit in 2022. The attackers drained approximately $285 million in user assets in roughly 12 minutes on April 1, with on-chain staging beginning on March 11 nearly three weeks before execution, using a combination of social engineering multisig signers and a zero-timelock Security Council migration.