Blockchain analytics firm Elliptic’s latest analysis suggested that actors linked to the Democratic People’s Republic of Korea (DPRK) may be behind the Drift Protocol hack.
The report highlighted that the hacker zeroed in on three primary vaults. This included the JLP Delta Neutral, SOL Super Staking, and BTC Super Staking.
Notably, the wallet used in the attack had been set up approximately eight days prior to the incident. It also received a minor test transaction from a Drift vault, pointing to a methodically planned operation.
Stolen assets were then swapped into USDC and bridged cross-chain from Solana to Ethereum.
“The on-chain behavior, laundering methodologies, and network-level indicators associated with the attack are consistent with techniques observed in previous DPRK-attributed operations,” the report read.
TRM Labs’ investigation also pointed to North Korean hackers. It flagged multiple signals that aligned with tactics commonly associated with North Korean operations.
“The use of Tornado Cash for initial staging, the deployment timing of the CarbonVote token at 09:30 Pyongyang time, the cross-chain bridging patterns, and the speed and scale of post-hack laundering — all of which align closely with techniques observed in prior DPRK-attributed hacks, including the Bybit exploit of 2025.”
The April 1 attack on the Solana (SOL)-based perpetual futures platform ranks as the largest Decentralized Finance (DeFi) hack of 2026. The fallout continues to spread, with reports that the number of affected projects has now jumped to 20.
Follow us on X to get the latest news as it happens
If confirmed, this incident would mark the 18th DPRK-linked act Elliptic has tracked in 2026, pushing the year’s total losses beyond $300 million. These actors have reportedly stolen over $6.5 billion in crypto assets in recent years, according to Elliptic.
A Chainalysis report found that North Korean hackers stole a record $2.02 billion in 2025 alone, a 51% year-over-year increase driven largely by the $1.5 billion Bybit breach.
