Drift DeFi Platform Hit by $280M Exploit Linked to North Korean Hackers
Decentralized finance (DeFi) platform Drift confirmed a $280 million security breach on Wednesday, attributing the incident to a highly sophisticated attack involving the rapid takeover of its security council’s administrative powers. The company’s post-mortem revealed that the attackers spent weeks preparing, executing the exploit through pre-signed transactions and compromised approval processes that bypassed withdrawal limits.
The breach, which occurred on April 1, stemmed from unauthorized transaction approvals likely obtained via social engineering rather than a flaw in Drift’s smart contracts. Funds across the platform’s borrow, lend, vault, and trading features were affected. Drift is now collaborating with security firms, exchanges, bridges, and law enforcement to trace and freeze stolen assets while preparing a detailed incident report.
Blockchain security firm Elliptic and other researchers have linked the attack to North Korean hackers, citing on-chain behavior, laundering techniques, and network indicators consistent with previous DPRK-attributed operations. If confirmed, this would mark the 18th North Korea-linked crypto theft tracked by Elliptic in 2024, with over $300 million stolen so far this year. The U.S. has previously accused Pyongyang of using stolen cryptocurrency to fund its military programs.
The tactics resemble those used in last summer’s $1.5 billion Bybit hack, reinforcing concerns about North Korea’s growing role in large-scale crypto heists. The incident follows another recent supply-chain attack on the Axios library, also attributed to North Korean actors by Google, Microsoft, and CrowdStrike.
Source: https://therecord.media/drift-crypto-confirms-280-million-stolen-north-korea
Drift cybersecurity rating report: https://www.rankiteo.com/company/driftai
{
  "id": "DRI1775154232",
  "linkid": "driftai",
  "type": "Breach",
  "date": "4/2026",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Cryptocurrency/Finance',
                        'name': 'Drift',
                        'type': 'DeFi Platform'}],
 'attack_vector': ['Social Engineering',
                   'Pre-signed Transactions',
                   'Compromised Approval Processes'],
 'date_detected': '2024-04-01',
 'date_publicly_disclosed': '2024-04-03',
 'description': 'Decentralized finance (DeFi) platform Drift confirmed a $280 '
                'million security breach on Wednesday, attributing the '
                'incident to a highly sophisticated attack involving the rapid '
                'takeover of its security council’s administrative powers. The '
                'attackers spent weeks preparing, executing the exploit '
                'through pre-signed transactions and compromised approval '
                'processes that bypassed withdrawal limits. Funds across the '
                'platform’s borrow, lend, vault, and trading features were '
                'affected.',
 'impact': {'financial_loss': '$280 million',
            'systems_affected': ['Borrow',
                                 'Lend',
                                 'Vault',
                                 'Trading Features']},
 'initial_access_broker': {'reconnaissance_period': 'Weeks'},
 'investigation_status': 'Ongoing',
 'motivation': 'Funding military programs',
 'post_incident_analysis': {'root_causes': ['Social engineering',
                                            'Compromised approval processes']},
 'references': [{'source': 'Elliptic'}, {'source': 'Drift Post-Mortem'}],
 'response': {'containment_measures': ['Tracing and freezing stolen assets'],
              'law_enforcement_notified': 'Yes',
              'third_party_assistance': ['Security Firms',
                                         'Exchanges',
                                         'Bridges',
                                         'Law Enforcement']},
 'threat_actor': 'North Korean Hackers',
 'title': 'Drift DeFi Platform Hit by $280M Exploit Linked to North Korean '
          'Hackers',
 'type': 'Security Breach',
 'vulnerability_exploited': 'Unauthorized transaction approvals'}