Blockchain analytics firm Elliptic’s latest analysis suggested that actors linked to the Democratic People’s Republic of Korea (DPRK) may be behind the Drift Protocol hack.
The report highlighted that the hacker zeroed in on three primary vaults. This included the JLP Delta Neutral, SOL Super Staking, and BTC Super Staking.
Notably, the wallet used in the attack had been set up approximately eight days prior to the incident. It also received a minor test transaction from a Drift vault, pointing to a methodically planned operation.
Stolen assets were then swapped into USDC and bridged cross-chain from Solana to Ethereum.
TRM Labs’ investigation also pointed to North Korean hackers. It flagged multiple signals that aligned with tactics commonly associated with North Korean operations.
The April 1 attack on the Solana (SOL)-based perpetual futures platform ranks as the largest Decentralized Finance (DeFi) hack of 2026. The fallout continues to spread, with reports that the number of affected projects has now jumped to 20.
Follow us on X to get the latest news as it happens
If confirmed, this incident would mark the 18th DPRK-linked act Elliptic has tracked in 2026, pushing the year’s total losses beyond $300 million. These actors have reportedly stolen over $6.5 billion in crypto assets in recent years, according to Elliptic.
A Chainalysis report found that North Korean hackers stole a record $2.02 billion in 2025 alone, a 51% year-over-year increase driven largely by the $1.5 billion Bybit breach.
The post Is North Korea Behind the Drift Protocol Hack? Here’s What the Data Shows appeared first on BeInCrypto.
Source: https://beincrypto.com/drift-protocol-hack-north-korea-elliptic/
