Drift crypto platform confirms $280 million stolen in hack as researchers point finger at North Korea

Summary

Decentralised finance platform Drift confirmed that $280 million was withdrawn in a sophisticated security incident. The company says attackers executed a “novel attack” by rapidly taking over its security council administrative powers and using pre-signed transactions plus social-engineered approvals to remove withdrawal limits and drain funds.

The compromise appears to have been prepared from 23 March and executed on 1 April through two pre-signed transactions. Drift stated there was no bug in its smart contracts; instead the breach stemmed from unauthorised or misrepresented transaction approvals. Drift is coordinating with security firms, bridges, exchanges and law enforcement and will publish a fuller post-incident report.

Blockchain security firm Elliptic and several other researchers pointed to North Korean-linked actors, citing on-chain behaviour, laundering methods and network indicators consistent with previous DPRK operations. If confirmed, Elliptic says this would be another DPRK-linked theft this year, adding to a broader pattern of state-linked crypto thefts.

Key Points

  • Drift confirms $280m stolen from its borrow/lend features, vaults and trading deposits after a security council takeover.
  • Attack used pre-signed (delayed) transactions and compromised approval processes to bypass withdrawal limits.
  • Drift attributes the incident to sophisticated social engineering rather than a smart contract vulnerability.
  • Preparations began on 23 March; attackers executed two pre-signed transactions on 1 April.
  • Elliptic and independent researchers have pointed to North Korean (DPRK) links based on laundering patterns and on-chain indicators.
  • Drift is working with security firms, exchanges, bridges and law enforcement to trace and freeze assets and will publish a detailed report.

Why should I read this

Short version: this is a big, messy reminder that DeFi is no playground — state-linked hackers are still scaling up and using clever social-engineering tricks to beat governance controls. If you work in crypto ops, risk or compliance, or you hold funds on DeFi platforms, this one matters. It shows how non-code routes (approvals, admin panels, governance processes) can be exploited, and why bridges and exchanges are critical chokepoints in laundering chains.

Source

Source: https://therecord.media/drift-crypto-confirms-280-million-stolen-north-korea