incident • critical • Cryptocurrency Theft • Nation-State Cyber Attack • Social Engineering • DPRK (Democratic People's Republic of Korea / North Korea)

Apr 05, 2026 • The Hacker News

$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

Drift, a Solana-based decentralized exchange, suffered a $285 million breach on April 1, 2026, attributed to a sophisticated six-month social engineering...

Source: The Hacker News
Category: incident
Severity: critical

Executive Summary

Drift, a Solana-based decentralized exchange, suffered a $285 million breach on April 1, 2026, attributed to a sophisticated six-month social engineering campaign by North Korean (DPRK) state-sponsored threat actors beginning in fall 2025. The attack exemplifies the extended operational timelines and advanced persistent threat capabilities of nation-state actors targeting the cryptocurrency ecosystem. Organizations operating in DeFi and crypto sectors must implement robust identity verification protocols, conduct regular security audits, train personnel on social engineering awareness, and establish enhanced monitoring for prolonged, multi-stage attack patterns to defend against similar high-impact incidents.

Summary

Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea (DPRK) that began in the fall of 2025. The Solana-based decentralized exchange described it as "an attack six months in the

Linked Entities

  • DPRK (Democratic People's Republic of Korea / North Korea)