$285 Million Drift Protocol Exploit Shows Signs of North Korea-Linked Hackers | FinanceFeeds

Blockchain analytics firm Elliptic said the $285 million exploit of Solana-based Drift Protocol shows multiple indicators associated with North Korea's state-sponsored hacking groups. The firm's assessment is based on on-chain behavior, laundering patterns, and network-level signals that align with previous incidents attributed to DPRK-linked actors.

The attack is the largest crypto exploit recorded this year. Drift Protocol, a decentralized perpetual futures exchange on Solana, has seen its token fall more than 40% following the incident, reflecting both immediate market impact and concerns over platform security.

"If confirmed, this incident would represent the eighteenth DPRK act Elliptic has tracked this year, with over $300 million stolen so far," the report said.

Elliptic added that the activity fits into a broader pattern of state-linked operations tied to crypto theft. "It is a continuation of the DPRK's sustained campaign of large-scale cryptoasset theft, which the US government has linked to the funding of its weapons programs. DPRK-linked actors are believed to be responsible for billions of dollars in cryptoasset theft in recent years," the firm said.

Data from Arkham shows that more than $250 million was transferred from Drift Protocol to an interim wallet before being distributed across multiple addresses. Elliptic's analysis suggests the operation followed a structured laundering process designed to obscure the origin of funds while maintaining control.

The activity appears premeditated, with early test transactions and pre-positioned wallets observed prior to the exploit. Once executed, funds were rapidly consolidated, swapped into different assets, and bridged across multiple blockchains.

This sequence mirrors established laundering workflows seen in previous high-profile attacks, where speed, fragmentation, and cross-chain movement are used to complicate tracking efforts.

Elliptic points to Solana's account structure as a key factor in the difficulty of tracing activity. Unlike account-based models where assets are consolidated under a single address, Solana stores each asset in separate token accounts, creating a fragmented view of activity.

This fragmentation means that a single actor's transactions can appear across multiple addresses, making it harder to identify coordinated behavior without advanced clustering techniques. Elliptic noted that without linking these accounts, investigators may only see isolated fragments rather than a complete operational picture.

The firm emphasized the importance of entity-level clustering, which connects related token accounts to a single actor. This approach allows exposure to be tracked across multiple assets and addresses, particularly in complex incidents involving numerous tokens.

The exploit also highlights the increasing role of cross-chain activity in laundering operations. Funds were moved from Solana to Ethereum and other networks, reinforcing the need for tracing tools that operate across multiple blockchains rather than within isolated ecosystems.

Elliptic described this requirement as the need for holistic cross-chain tracing capabilities, reflecting how attackers now rely on interoperability to distribute and obscure funds.

Separate research from Chainalysis showed that DPRK-linked actors stole $2 billion in crypto in 2025, including a $1.4 billion breach tied to Bybit. The US Treasury Department has stated that such activity is linked to funding North Korea's weapons programs.
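The entity-level clustering described above can be illustrated with a short added example (not from the article or from Elliptic's tooling): it groups Solana token accounts by their owner wallet, rolls account-level transfers up to wallet-level flows, and walks the resulting entity graph from a seed wallet. All account names, mints and amounts are constructed sample data, and clustering on the token account's owner field alone is a simplifying assumption.

```python
from collections import defaultdict, deque

# Constructed sample data (not real addresses): token account -> (owner wallet, mint).
TOKEN_ACCOUNTS = {
    "tokA_usdc": ("walletA", "USDC"),
    "tokA_sol":  ("walletA", "wSOL"),
    "tokB_usdc": ("walletB", "USDC"),
    "tokB_sol":  ("walletB", "wSOL"),
    "tokC_sol":  ("walletC", "wSOL"),
}
# Constructed transfers as an explorer shows them: (source account, destination account, amount).
TRANSFERS = [
    ("tokA_usdc", "tokB_usdc", 900),
    ("tokA_sol",  "tokB_sol",  50),
    ("tokB_sol",  "tokC_sol",  45),
    ("tokC_sol",  "tokX_unknown", 10),  # destination is missing from the index
]

def owner_of(token_account):
    """Resolve a token account to its owner wallet; unresolved accounts stay visible."""
    entry = TOKEN_ACCOUNTS.get(token_account)
    return entry[0] if entry else f"unresolved:{token_account}"

def cluster_by_owner():
    """Entity-level clusters: owner wallet -> set of its token accounts."""
    clusters = defaultdict(set)
    for account, (owner, _mint) in TOKEN_ACCOUNTS.items():
        clusters[owner].add(account)
    return dict(clusters)

def entity_flows():
    """Roll transfers up to (source owner, destination owner) -> {mint: total amount}."""
    flows = defaultdict(lambda: defaultdict(int))
    for src, dst, amount in TRANSFERS:
        mint = TOKEN_ACCOUNTS[src][1] if src in TOKEN_ACCOUNTS else "unknown"
        flows[(owner_of(src), owner_of(dst))][mint] += amount
    return {edge: dict(mints) for edge, mints in flows.items()}

def downstream_entities(seed_owner):
    """Breadth-first walk of the entity graph: every wallet reachable from the seed."""
    graph = defaultdict(set)
    for src_owner, dst_owner in entity_flows():
        graph[src_owner].add(dst_owner)
    seen, queue = {seed_owner}, deque([seed_owner])
    while queue:
        for nxt in graph[queue.popleft()] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return seen - {seed_owner}
```

At the token-account level the four transfers touch six unrelated-looking addresses; at the entity level they collapse into one chain from walletA through walletB to walletC, with the unindexed destination flagged rather than dropped.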
