Solana's Drift Protocol Hit by $285M Exploit, Suspected DPRK Link
SOL Price Chart
Drift Protocol, a decentralized perpetual futures exchange on Solana, suffered a significant exploit on April 1, 2026, resulting in the theft of approximately $285 million in various cryptocurrencies. Investigations by TRM Labs and Elliptic strongly suggest the involvement of North Korean operatives, citing pre-exploit activity like funds sourced from Tornado Cash and the creation of a fabricated token. The attack, executed over roughly 20 minutes, involved compromising the platform’s Security Council through social engineering and exploiting a durable nonce feature. Drift Protocol paused deposits and withdrawals and is coordinating with security firms and exchanges. Critics have also pointed fingers at Circle, alleging a slow response in freezing transferred funds, though Circle maintains it adheres to legal requirements. The exploit is the largest DeFi breach of 2026 and ranks as the second-largest in Solana’s history. While the attack caused Drift’s TVL to plummet, Telegram’s wallet integration with Lighter exchange launched on April 2nd, offering leveraged trading to 150M users.
Key Points
- 1Drift Protocol was exploited for $285 million on April 1, 2026.
- 2Evidence points to North Korean involvement in the attack.
- 3The exploit involved compromising the Security Council via social engineering and exploiting Solana's durable nonce feature.
Market Impact
The exploit has raised concerns about the security of Solana-based DeFi protocols and the increasing sophistication of attacks targeting human vulnerabilities. It also highlights the challenges stablecoin issuers face in balancing rapid response with legal compliance.