On April 1, what seemed like a prank turned serious when the decentralized platform Drift was hit by a massive breach, draining hundreds of millions from its accounts. The company lost $280 million in Wednesday’s hack, with experts pointing to possible involvement from North Korea.
On April 2, 2026, Drift Protocol announced on X that a malicious actor had gained unauthorized access using a novel attack exploiting durable nonces, swiftly seizing control of Drift’s Security Council administrative powers. (Durable nonces are a Solana feature designed to prevent transaction expirations.)
Blockchain analytics firm Elliptic noted that the on-chain activity mirrors patterns seen in previous North Korea-backed attacks. The Kim Jong Un-led regime has a long history of crypto crime: in 2025 alone, it was linked to $2 billion in stolen digital assets—roughly 60% of all crypto thefts globally, according to Chainalysis. Last year, North Korean hackers executed a $1.5 billion breach of Bybit, marking the largest crypto heist in history.
North Korean hackers often rely on social engineering—tricking people into revealing private information—but the recent Drift attack took a different approach. This time, attackers exploited a Solana feature called a durable nonce to trick the company’s Security Council into pre-approving transactions weeks in advance, according to Coindesk. As a result, Drift temporarily suspended customer deposits and withdrawals.
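As an added illustration (not from the article, Drift, or Coindesk), a signer-side check can flag a durable-nonce transaction before anyone approves it, since a signature on one does not expire. It relies on Solana's message wire format, which the article does not describe: such a transaction carries a System Program `AdvanceNonceAccount` instruction as its first instruction. The function names and the sample messages are constructed for this sketch.

```python
import struct

SYSTEM_PROGRAM_ID = bytes(32)            # base58 "111...1" decodes to 32 zero bytes
ADVANCE_IX = struct.pack("<I", 4)        # SystemInstruction::AdvanceNonceAccount
TRANSFER_IX = struct.pack("<IQ", 2, 1000)  # SystemInstruction::Transfer, 1000 lamports

def compact_u16(buf, pos):
    """Decode Solana's compact-u16 length prefix; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def uses_durable_nonce(message: bytes) -> bool:
    """True if the first instruction is System Program AdvanceNonceAccount."""
    pos = 1 if message[0] & 0x80 else 0   # versioned messages start with a prefix byte
    pos += 3                              # header: signer and read-only counts
    n_keys, pos = compact_u16(message, pos)
    keys = [message[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys + 32               # account keys, then the recent_blockhash field
    n_ix, pos = compact_u16(message, pos)
    if n_ix == 0:
        return False
    program_idx = message[pos]
    n_acc, pos = compact_u16(message, pos + 1)
    pos += n_acc                          # skip the instruction's account indices
    n_data, pos = compact_u16(message, pos)
    data = message[pos:pos + n_data]
    return (program_idx < n_keys and keys[program_idx] == SYSTEM_PROGRAM_ID
            and n_acc >= 1 and data[:4] == ADVANCE_IX)

def sample_message(first_ix_data: bytes) -> bytes:
    """Constructed legacy message with made-up keys: signer, nonce account,
    a stand-in for the RecentBlockhashes sysvar, and the System Program."""
    keys = bytes([1]) * 32 + bytes([2]) * 32 + bytes([3]) * 32 + SYSTEM_PROGRAM_ID
    ix = bytes([3, 3, 1, 2, 0, len(first_ix_data)]) + first_ix_data
    return bytes([1, 0, 2, 4]) + keys + bytes(32) + bytes([1]) + ix

if __name__ == "__main__":
    for name, data in (("advance_nonce", ADVANCE_IX), ("transfer", TRANSFER_IX)):
        flagged = uses_durable_nonce(sample_message(data))
        print(f"{name}: {'HOLD for review, signature will not expire' if flagged else 'ok'}")
```

A signing workflow could run this on the serialized message and require an explicit second review whenever it returns true.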
Founded in 2021 by Cindy Leow and David Lu, Drift offers perpetual futures and other trading products. At the time of the breach, the platform held over $400 million in deposits and processed more than $19 million in trades, according to its website.
North Korean cyberattacks aren’t limited to large crypto firms. Fortune crypto reporter Ben Weiss was also targeted: attackers accessed the Telegram account of one of his contacts, set up a video call, and tried to run a script on his computer to steal his passwords.
Source: Fortune.com Edited by Bernie