Apr 2 / Latest News

North Korean Hackers Linked to $280 Million Drift Protocol Exploit

Decentralized finance platform Drift confirmed a major security incident on Wednesday resulting in the withdrawal of $280 million from its systems.

The platform's post-mortem revealed that malicious actors executed a "novel attack" involving a "rapid takeover" of the company's security council administrative powers. This sophisticated operation targeted funds across borrow and lend features, vault deposits, and trading accounts. Drift officials clarified that the breach did not stem from a software bug or smart contract vulnerability, but rather from unauthorized transaction approvals obtained through advanced social engineering.

The attack was meticulously prepared over several weeks, beginning on March 23 and culminating in the execution of two pre-signed transactions on April 1. These transactions allowed for delayed execution and enabled the hackers to bypass and remove pre-set withdrawal limits. Drift is currently coordinating with security firms, crypto bridges, exchanges, and law enforcement to trace and freeze the stolen assets.

Blockchain security firm Elliptic, along with several independent researchers, has attributed the attack to hackers based in North Korea (DPRK). Experts noted that the on-chain behavior and laundering methodologies are consistent with previous DPRK-attributed operations, such as the $1.5 billion Bybit hack from the previous summer. This incident marks a significant escalation in North Korea's cyber-theft campaign, which the U.S. alleges is used to fund the nation's military weapons program. This attribution follows recent reports linking North Korean actors to other major cybersecurity incidents, including the compromise of the popular Axios library.