Elliptic: Drift attack incident suspected to be carried out by North Korean hacker group

ME News report: On April 2 (UTC+8), blockchain analytics firm Elliptic said that Drift Protocol suffered an attack resulting in a loss of $285 million, with “multiple signs” pointing to a DPRK hacking organization supported by North Korea. Elliptic focused on analyzing on-chain behavior, money-laundering methods, and network-level signals—all of which match earlier nation-linked attacks. The Elliptic report states: “If confirmed, this would be the 18th DPRK attack action Elliptic has tracked this year, with more than $300 million stolen so far.”

From a technical perspective, Elliptic described the attack as “premeditated and meticulously planned,” noting that prior to the main attack there were early test transactions and pre-arranged wallets. After the attack was carried out, the funds were rapidly consolidated and transferred via cross-chain transfers, converted into more liquid assets, forming a structured, repeatable money-laundering process designed to obscure the source of funds while maintaining control. The incident involved more than ten types of assets. Funds moved from Solana via cross-chain transfer to Ethereum and other chains, further highlighting the importance of cross-chain traceability.

Drift Protocol is the largest decentralized perpetual contract trading platform on the Solana blockchain, and its token has fallen by more than 40% since the hack to about $0.06. (Source: ChainCatcher)