Elliptic: Drift attack incident suspected to be carried out by North Korean hacker group

BlockBeats message, April 2, according to CoinDesk, blockchain analytics firm Elliptic said Drift Protocol suffered losses of $285 million from an attack, with “multiple signs” pointing to the DPRK hacker group supported by North Korea. Elliptic focused on analyzing on-chain activity, money-laundering methods, and network-layer signals, all of which match previous state-linked attacks. Elliptic’s report stated: “If confirmed, this will be the 18th DPRK attack operation Elliptic has tracked this year, with more than $300 million stolen to date.”

On the technical side, Elliptic described the attack as “premeditated, carefully planned.” Ahead of the main attack, there were early test transactions and wallets that had been prepared in advance. After the attack was carried out, the funds were quickly consolidated and transferred via cross-chain routes, converted into higher-liquidity assets, and resulted in a set of organized, repeatable money-laundering processes designed to obscure the source of funds while maintaining control.

The incident involved more than ten asset types. Funds moved from Solana across chains to Ethereum and other networks, further highlighting the importance of cross-chain tracing capabilities. Drift Protocol is the largest decentralized perpetual contract trading platform on the Solana blockchain. Since the token was hit by the hacker attack, it has fallen by more than 40% to about $0.06.