Solana co-founder Anatoly Yakovenko has described the recent Drift Protocol hack as “terrifying” after it was revealed to be the result of a complex social engineering attack carried out by North Korean hackers.
As reported by U.Today, Drift Protocol was recently drained of $270 million, the largest Solana hack to date across the ecosystem. The protocol was forced to halt all deposits and withdrawals, explicitly warning users that the incident was not an April Fools’ joke.
Six months in the making
The report, recently shared by Drift Protocol, revealed that the bad actors behind the historic hack physically stalked and socially engineered the developers in real life. This required alarming persistence and resources.
The operation is heavily suspected to be the work of a North Korean state-affiliated threat group.
Starting in late 2025, third-party intermediaries (who were not North Korean nationals) physically approached Drift contributors at major crypto conferences. The attackers, who boasted verifiable professional backgrounds and technical fluency, posed as a quantitative trading firm looking to integrate with the protocol.
The fake trading firm onboarded an Ecosystem Vault on Drift between December 2025 and January 2026 and deposited more than $1 million of their own capital.
The attackers managed to maintain the illusion for half a year. They worked closely with Drift contributors through multiple working sessions and met them face-to-face at various international conferences through February and March 2026.
By April, the attackers had successfully established a trusted business relationship. The Drift contributors did not suspect foul play when the group shared links to projects they claimed to be building.
One contributor cloned a code repository shared by the attackers. This repository likely contained a known vulnerability affecting the VSCode and Cursor text editors. A second contributor was convinced to download a fake TestFlight application.
The attackers scrubbed all of their Telegram chats and wiped the malicious software after the successful exploit.

