On April Idiot’s day, the decentralized platform Drift noticed a whole lot of hundreds of thousands of {dollars} drained from its accounts and, sadly, this was no joke. The corporate suffered a $280 million hack on Wednesday, and business consultants suspected that North Korea was behind it.
“Earlier at this time, a malicious actor gained unauthorized entry to Drift Protocol by means of a novel assault involving sturdy nonces, leading to a speedy takeover of Drift’s Safety Council administrative powers,” the corporate introduced on X. A sturdy nonce is a device used on Solana used to keep away from transaction expirations.
The blockchain analytics agency Elliptic says that the on-chain conduct is constant with earlier North Korea-backed crimes. The Kim Jong Un-led nation isn’t any stranger to perpetrating crypto crime. In 2025, the nation was accountable for $2 billion of stolen crypto, equal to about 60% to all of the digital asset funds stolen world wide, in response to blockchain analytics agency Chainalysis. Final yr, North Koreans executed an almost $1.5 billion hack of Bybit within the largest crypto assault in historical past.
Hackers from North Korea typically use social engineering, after they manipulate individuals into trusting them to get non-public info, however that wasn’t precisely the case on this most up-to-date Drift assault. This occasion concerned the usage of a sturdy nonce, which is a Solana function, to dupe the corporate’s safety council into pre-approving transactions that might occur weeks later, in response to Coindesk. The platform suspended deposits and withdrawals for its clients.
Drift, based by Cindy Leow and David Lu in 2021, offers perpetual futures and different buying and selling merchandise to its customers. The corporate had over $400 million in complete deposits and greater than $19 million in complete trades, in response to its web site.
Massive crypto firms are usually not the one ones prone to assaults by North Koreans. Fortune crypto reporter Ben Weiss was also targeted by the DPRK. The malicious actor hacked into Weiss’s contact’s Telegram, organized a video name with him, and tried to run a script on his pc to get his passwords.
