Elliptic: Drift attack incident suspected to be carried out by North Korean hacker group

ME News report: On April 2 (UTC+8), blockchain analytics firm Elliptic said Drift Protocol suffered an attack resulting in a loss of $285 million, with “multiple signs” pointing to a DPRK hacking group supported by North Korea. Elliptic focused on analyzing on-chain activity, money-laundering methods, and network-layer signals, all of which matched previously observed attacks linked to states. The Elliptic report said: “If confirmed, this would be the 18th DPRK attack action Elliptic has tracked this year, with more than $300 million stolen to date.”

From a technical perspective, Elliptic described the attack as “premeditated and meticulously planned.” Prior to the main attack, there were early test transactions and pre-deployed wallets. After the attack was carried out, the funds were quickly consolidated and transferred across chains, converted into assets with higher liquidity, forming an organized and repeatable money-laundering process designed to obscure the source of funds while maintaining control. The incident involved more than ten types of assets. Funds were transferred cross-chain from Solana to Ethereum and other chains, further underscoring the importance of cross-chain traceability. Drift Protocol is the largest decentralized perpetual contract trading platform on the Solana blockchain, and its token has fallen by more than 40% to about $0.06 since the hack. (Source: ChainCatcher)