I’ve noticed that cryptocurrency hacking incidents have surged dramatically over the past few weeks. In April alone, the scale has reached the largest level since February 2025. According to data from DefiLlama, losses have reportedly reached that level already, even though it’s only mid-month.



The main cause is an outflow of about $285 million (approximately ¥42.8 billion) from the Solana-based Drift Protocol. This incident is pushing up this month’s total losses almost by itself. It’s been reported that the outflow involved USDC and JLP tokens, and that some of it was converted into ETH.

What’s worth paying close attention to, however, is the method used in the hack. It wasn’t due to a vulnerability in the smart contract; rather, the intrusion came through people: the attackers spent 6 months posing as a fake trading company, building trust, and then bringing in malware. They reportedly had more than $1 million deposited, disguising it as normal business operations.

Mandiant’s investigation suggests involvement by North Korea–linked hackers, and also points to state-sponsored tactics such as abusing pre-signed transactions. In other words, preventing hacking damage requires not only code audits but also comprehensive measures, including managing the devices of personnel with signing authority, decentralizing permissions, and putting in place an internal operational audit system. For the entire Solana ecosystem, this has revealed structural issues, not just problems with individual protocols.