North Korean state-sponsored hackers likely orchestrated a $286 million exploit of the Drift Protocol, a leading decentralized futures exchange on Solana, according to blockchain analytics firm Elliptic.

Elliptic’s report pinpointed key indicators consistent with prior DPRK operations, including premeditated staging, laundered funds moving across chains, and complex token-account fragmentation. These patterns reflect the group’s advanced techniques in crypto theft and asset conversion.
Drift’s native token dropped over 40% to $0.06 after the attack, which is the largest single theft this year. Elliptic noted that this marks the eighteenth such incident it has tracked in 2026, totaling over $300 million stolen.
The hacking group reportedly uses stolen funds to finance North Korea’s weapons programs. A recent Chainalysis report highlighted a record $2 billion in crypto theft in 2025, including the $1.4 billion Bybit breach.
Elliptic stressed that modern laundering requires holistic cross-chain tracing capabilities. The firm emphasized that a centralized view of attacker activity, rather than isolated wallet scans, is essential to expose threats.

This incident underscores growing security concerns in decentralized finance (DeFi) ecosystems and reinforces the need for enhanced investigative frameworks.