Elliptic Links $285 Million Drift Protocol Hack to DPRK-Backed Hackers
Blockchain analytics firm Elliptic said the Drift Protocol hack caused losses of $285 million and cited "multiple indicators" suggesting involvement by a group affiliated with and backed by North Korea (DPRK), according to ChainCatcher, citing CoinDesk. Elliptic said its assessment is based on on-chain activity, money-laundering methods, and network-level signals consistent with patterns seen in prior state-linked attacks.
Elliptic noted that if the attribution is confirmed, the incident would mark the 18th DPRK-related attack it has tracked this year, with stolen assets topping $300 million so far. The firm described the operation as "premeditated and meticulously planned," pointing to early test transactions and wallets positioned ahead of the main breach.
After the hack, the stolen funds were quickly consolidated, moved across chains, and converted into more liquid assets through what Elliptic characterized as a structured, repeatable laundering process designed to mask origins while preserving control. The theft involved more than ten asset types, with assets bridged from Solana to Ethereum and other networks, highlighting the need for cross-chain traceability.
Drift Protocol is the largest decentralized perpetuals trading platform on Solana. Since the incident, its token has fallen more than 40% to around $0.06.