How did the hackers get approved transactions from Drift's security team?

They socially engineered security council members into approving pre-signed transactions that looked routine but secretly embedded elevated privileges. The attackers used Solana's durable nonce feature to hide the true intent of the approvals.

Will users get their money back from Drift Protocol?

Unlikely in full. Recovery efforts are ongoing, but precedent suggests only a fraction of stolen funds are typically recovered from DeFi exploits. Users may receive compensation in DRIFT tokens, which are now trading significantly lower.

What does TRM Labs say about North Korean involvement?

TRM Labs pointed to Tornado Cash usage, timing aligned with Pyongyang business hours, cross-chain bridging patterns, and parallels to the 2025 Bybit exploit as strong indicators of state-sponsored North Korean activity.

🔗 Crypto & Blockchain

How North Korean Hackers Stole $285 Million From Solana's Drift Protocol in 12 Minutes

In one of crypto's most sophisticated heists, suspected North Korean operatives drained $285 million from Solana's biggest perpetual futures platform in under 12 minutes. The attack wasn't a coding error—it was a masterclass in human manipulation.

Fintech Dose Apr 03, 2026 4 min read 26 views

Read in: Deutsch English Español Français Italiano 日本語 한국어 Português (BR) Русский Türkçe

Digital visualization of a security breach on the Solana blockchain, showing $285 million flowing through unauthorized transaction channels

⚡ Key Takeaways

The $285M Drift Protocol heist took just 12 minutes to execute but three weeks to plan, using social engineering and a fake token to manipulate price oracles. 𝕏
The real vulnerability wasn't code—it was human process: security council members approving pre-signed transactions without proper scrutiny, combined with the removal of timelock safeguards. 𝕏
Suspected North Korean operatives used Tornado Cash, precise Pyongyang-timed transactions, and laundering tactics matching prior state-sponsored exploits to drain the protocol. 𝕏
DeFi's systemic weaknesses—poor multisig hygiene, thin-liquidity oracles, and removed timelocks—remain widespread across the industry despite repeated high-profile breaches. 𝕏

Published by

Fintech Dose

Markets. Money. Innovation.

#DeFi exploit #Drift Protocol hack #North Korea cyber #Solana security #blockchain theft #oracle manipulation

Worth sharing?

Get the best Fintech stories of the week in your inbox — no noise, no spam.

Originally reported by Crowdfund Insider

⚡ Key Takeaways

The 60-Second TL;DR

Fintech Dose

Share this article

Worth sharing?

Related Stories

Drift's $280 Million Hack Exposes Crypto's Fatal Flaw: Trust in Code Isn't Enough

Drift's $285M Solana Heist Exposes DeFi's Dirty Secret: Code Isn't Enough

Drift's $9.7M Hack Exposes DeFi's Frozen Asset Problem—And What It Means for Your Portfolio

Drift's $280M Exploit Shows Why Onchain Negotiation With Hackers Is Becoming Standard Practice

Stay in the loop