Drift Protocol suffered a massive $286 million hack on April 1, 2026, attributed to North Korean state-linked actors using a sophisticated durable nonce attack. The exploit used legitimate Solana transaction features to bypass multisig security, draining funds in just 12 minutes. The attack affected over 20 protocols including Carrot Protocol and Pyra Protocol, with users unable to access funds as of April 3, 2026. Security firms Elliptic and TRM Labs linked the attack to DPRK-backed Lazarus Group, citing the use of Tornado Cash origins and deployment timing matching Pyongyang timezone.