Elliptic: Drift attack incident suspected to be carried out by North Korean hacker group

Golden Finance reports that blockchain analytics firm Elliptic says Drift Protocol suffered a $285 million loss in an attack, with “multiple signs” pointing to a DPRK hacker organization supported by North Korea. Elliptic focused on on-chain behavior, money-laundering methods, and network-layer signals, all of which match prior related attacks. The Elliptic report states: “If confirmed, this will be the 18th DPRK attack action Elliptic has tracked this year, with more than $300 million stolen to date.” On the technical level, Elliptic described the attack as “premeditated, carefully planned,” with early test transactions and pre-positioned wallets already in place before the main attack. After the attack was carried out, the funds were quickly consolidated and transferred across chains, converted into assets with higher liquidity, and formed a well-organized, repeatable money-laundering process intended to both obscure the source of funds and maintain control. This incident involved more than ten types of assets. Funds moved cross-chain from Solana to Ethereum and other networks, further highlighting the importance of cross-chain tracing capabilities. Drift Protocol is the largest decentralized perpetual contract trading platform on the Solana blockchain. Since the token hack, it has fallen more than 40% to about $0.06.