Drift Protocol Loses $285M in North Korean State-Sponsored Attack

The Hacker News

Tuesday, April 7, 2026·5 min read·DeFi

Drift Protocol Loses $285M in North Korean State-Sponsored Attack

The Solana-based decentralized exchange Drift Protocol suffered a devastating $285 million hack on April 1, 2026, which has been attributed to North Korean state-sponsored hackers (UNC4736 group, also known as Lazarus Group). The attack was revealed to be the result of a months-long social engineering operation that began in fall 2025. The attackers used sophisticated tactics including posing as a trading firm and building a functioning operational presence inside the Drift ecosystem.

The hack utilized a novel attack involving durable nonces, resulting in rapid takeover of Drift's Security Council administrative powers. This marks the largest DeFi exploit of 2026 to date, slashing the protocol's total value locked from $550 million to under $250 million. The attack required organizational backing, significant resources, and months of deliberate preparation according to the protocol's post-mortem analysis.

Source: thehackernews.com·This article is an original analysis by CryptoFirst based on publicly available information.

#North Korea#Lazarus Group#Social Engineering#Solana#State-Sponsored

Disclaimer: CryptoFirst provides news analysis for informational purposes only. This is not financial advice. Cryptocurrency investments are subject to market risks. Please do your own research before making any investment decisions.