Elliptic: Drift attack incident suspected to be carried out by North Korean hacker group

ME News report, April 2 (UTC+8): blockchain analytics firm Elliptic said that Drift Protocol suffered an attack, resulting in losses of $285 million, with “multiple indicators” pointing to North Korea-backed DPRK hacker organizations. Elliptic focused on analyzing on-chain activity, money-laundering methods, and network-layer signals, all of which match prior nation-state-linked attacks. The Elliptic report said: “If confirmed, this would be the 18th DPRK attack action Elliptic has tracked this year, with more than $300 million stolen to date.”

On the technical side, Elliptic described the attack as “premeditated and meticulously planned,” with early test transactions and pre-prepared wallets before the main attack. After the attack was carried out, the funds were quickly consolidated and transferred via cross-chain moves, converted into assets with higher liquidity, forming an organized, repeatable money-laundering process designed to obscure the source of the funds while maintaining control. The incident involved more than ten types of assets. Funds were transferred from Solana across chains to Ethereum and other chains, further highlighting the importance of cross-chain traceability.

Drift Protocol is the largest decentralized perpetual contract trading platform on the Solana blockchain, and since the hack, its token has fallen by more than 40% to around $0.06. (Source: ChainCatcher)