North Korean hackers drained Solana's biggest perps DEX using social engineering and pre-signed transactions, sparking recovery controversy.
Drift Protocol, Solana's largest perpetual futures exchange, was drained of $285 million on April 1 in what security firms have attributed to North Korean state-backed hackers.
Attackers exploited Drift Protocol on April 1, 2026, draining approximately $285 million in user funds in just 12 minutes. The operation began weeks earlier on March 11, when a wallet funded through Tornado Cash deployed a fabricated collateral token called CarbonVote (CVT).
The critical vulnerability was not a smart contract bug. Attackers posed as a trading firm and socially engineered members of Drift's five-member Security Council multisig into pre-signing hidden authorizations. They then used Solana's "durable nonces" feature to keep those approvals valid for over a week before executing a zero-timelock migration that transferred protocol control.
Security firms Elliptic and TRM Labs attributed the attack to DPRK-linked threat actors, citing laundering patterns and on-chain timestamps consistent with Lazarus Group tradecraft. Stolen funds were bridged to Ethereum via Wormhole and laundered through Tornado Cash within hours.
This is the largest DeFi hack of 2026 and the second-largest security incident in Solana's history, behind only the $326 million Wormhole bridge exploit in 2022. It highlights a growing trend: state-backed attackers targeting DeFi protocols not through code exploits but through social engineering of governance structures.
The recovery plan has been controversial. Solana co-founder Anatoly Yakovenko suggested an IOU token airdrop to make victims whole. On April 4, blockchain analytics platform Onchain Lens reported that 56.25 million DRIFT tokens (valued at $2.44 million) were deposited into centralized exchanges Bybit and Gate from a wallet initially linked to the Drift team, drawing sharp community criticism. Onchain Lens later corrected the report, clarifying the wallet belonged to an investor rather than the team. The incident still underscored the fragile trust around the protocol's recovery.
No comprehensive reimbursement plan has been announced as of April 6. Blockchain analysts continue tracking the stolen funds across multiple wallets, though recovery efforts remain complicated by the cross-chain laundering. The incident is likely to accelerate discussions around multisig security standards and timelock requirements for DeFi governance.
This is a developing situation. Drift Protocol has not confirmed a timeline for user reimbursement, and fund recovery remains uncertain.
BTC stages dramatic 11% recovery after nearly breaching $60K, while market sentiment remains at extreme fear levels.
Senator Boozman postpones Digital Asset Market Clarity Act from January 15 to final week of January to secure bipartisan support.
Charles Hoskinson and Anatoly Yakovenko end years of rivalry by agreeing to build an ADA-SOL bridge, calling it "time to get cooking."
Disclaimer: News content is for informational purposes only and should not be considered financial advice. Market conditions can change rapidly. Always conduct your own research.
