A sophisticated attack on Drift Protocol, Solana's largest decentralized perpetual futures exchange, resulted in the theft of approximately $285 million in user assets on April 1, 2026. The attack, which TRM Labs believes was perpetrated by North Korean hackers, represents the largest DeFi hack of 2026 and the second-largest exploit in Solana's history. The attackers executed their plan in just 12 minutes after weeks of careful preparation, combining social engineering, oracle manipulation, and a governance exploit. The critical vulnerability was not a smart contract bug; it involved manipulating multisig signers and exploiting durable nonces to pre-sign hidden authorizations. The attacker manufactured a fictitious CarbonVote Token with seeded liquidity, which Drift's oracles incorrectly treated as legitimate collateral worth hundreds of millions. On-chain staging began on March 11th with an ETH withdrawal from Tornado Cash, showing the attack's sophisticated planning and coordination.
North Korean Hackers Attack Drift Protocol in $285 Million DeFi Heist
TRM Labs
Friday, April 3, 2026·5 min read·DeFi
#hack #North Korea #Drift Protocol #Solana #exploit
