In a shocking turn of events, blockchain analysts have traced a massive $286 million hack of the Drift Protocol to North Korean cybercriminals. This incident, which occurred on a Wednesday, has raised significant alarm within the crypto community, particularly as it follows a pattern of high-profile breaches linked to the Democratic People’s Republic of Korea (DPRK). Security research firm Cyvers has highlighted the similarities between this exploit and the notorious Bybit exchange hack of 2025, where North Korean hackers reportedly pilfered between $1.4 billion and $1.5 billion in cryptocurrencies.
According to Cyvers, the Drift Protocol hack involved a technique that deceived multisignature signers into approving malicious transactions, a tactic reminiscent of previous exploits involving North Korean actors. “The attackers manipulated legitimate signers into approving malicious transactions without realizing it,” explained Deddy Lavid, CEO and Co-Founder of Cyvers. This sophisticated method of social engineering has become a hallmark of the DPRK’s cyber operations, which are suspected to fund the nation’s controversial weapons programs.
Drift Protocol, a non-custodial trading platform that allows leveraged trading without expiry dates, reported the breach after blockchain investigators flagged the unauthorized withdrawal of funds. The hack comes on the heels of another significant breach in the decentralized finance space, with Balancer losing $128 million just months prior. The attack on Drift has prompted critical scrutiny of Circle, the issuer of USDC, which was used extensively in the hack. Critics, including blockchain investigator ZachXBT, lambasted Circle for its sluggish response, claiming that the firm failed to freeze the funds despite the attackers laundering them through various channels over the course of six hours.
Circle has the capability to freeze transactions via its smart contract but has faced backlash for not acting promptly. The incident serves as a stark reminder of the vulnerabilities present in the crypto ecosystem, particularly as decentralized finance platforms continue to attract both legitimate users and malicious actors. As investigations unfold, the crypto community is left grappling with the implications of such large-scale attacks and the ongoing threat posed by state-sponsored hacking initiatives.