Elliptic: Drift attack suspected to be carried out by North Korean hackers

ME News update, April 2 (UTC+8). Blockchain analytics firm Elliptic said that Drift Protocol suffered losses of $285 million in an attack, and that “multiple indications” point to a DPRK hacker group supported by North Korea. Elliptic focused on on-chain activity, money-laundering methods, and network-layer signals, all of which match previously observed state-linked attacks. The Elliptic report said: “If confirmed, this will be the 18th DPRK attack operation Elliptic has tracked this year, with more than $300 million stolen to date.” On the technical side, Elliptic described the attack as “premeditated and meticulously planned,” noting that before the main attack, there were early test transactions and pre-arranged wallets. After the attack was carried out, the funds were quickly consolidated and transferred across chains, converted into higher-liquidity assets, and formed a structured, repeatable money-laundering process designed to both obfuscate the source of the funds while maintaining control. The incident involved more than ten types of assets. Funds were transferred cross-chain from Solana to Ethereum and other chains, further underscoring the importance of cross-chain traceability. Drift Protocol is the largest decentralized perpetual contract trading platform on the Solana blockchain. Since the token was hacked, it has fallen by more than 40% to around $0.06. (Source: ChainCatcher)