DeFi’s Security Crisis: North Korea Strikes Again
North Korea just pulled off the most sophisticated DeFi heist in years, draining $285M from Drift protocol in a 12-minute exploit. This governance attack was months in the making, with attackers posing as a quantitative trading firm to build relationships with Drift contributors at major crypto conferences.
The setup started in October 2025 when attackers approached Drift contributors at a major crypto event. Over six months, they built real relationships with protocol insiders in person, attending multiple industry events. When the time came, they used that access to socially engineer multisig signers into pre-approving hidden transactions through Solana’s durable nonces feature.
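A pre-signing check for the durable-nonce pattern described above, as an added example that is not part of the original article or of Drift's code. It relies on the Solana rule that a durable-nonce transaction begins with the System Program's `AdvanceNonceAccount` instruction; the decoded-message layout (a dict with `account_keys` and `instructions`), the key names and the two allowlists are assumptions made for illustration.

```python
import struct

SYSTEM_PROGRAM = "11111111111111111111111111111111"
ADVANCE_NONCE_ACCOUNT = 4  # SystemInstruction variant index, encoded as u32 LE

def durable_nonce_info(msg):
    """Return nonce account and authority if msg uses a durable nonce, else None."""
    if not msg["instructions"]:
        return None
    first, keys = msg["instructions"][0], msg["account_keys"]
    if keys[first["program_id_index"]] != SYSTEM_PROGRAM:
        return None
    data = first["data"]
    if len(data) < 4 or struct.unpack_from("<I", data)[0] != ADVANCE_NONCE_ACCOUNT:
        return None
    if len(first["accounts"]) < 3:
        return None
    # AdvanceNonceAccount accounts: [nonce account, RecentBlockhashes sysvar, authority]
    return {"nonce_account": keys[first["accounts"][0]],
            "nonce_authority": keys[first["accounts"][2]]}

def review_for_signing(msg, trusted_authorities, allowed_programs):
    """List what a signer should resolve before approving msg."""
    findings = []
    info = durable_nonce_info(msg)
    if info:
        findings.append("durable nonce: signature stays valid until the nonce is advanced")
        if info["nonce_authority"] not in trusted_authorities:
            findings.append("nonce authority is external: signers cannot revoke by advancing")
    for ix in msg["instructions"][1 if info else 0:]:
        program = msg["account_keys"][ix["program_id_index"]]
        if program not in allowed_programs:
            findings.append(f"unreviewed program invoked: {program}")
    return findings

# Constructed sample: key names are placeholders, not real addresses.
KEYS = ["SignerA", "NonceAcct", "RecentBlockhashesSysvar", "ExternalAuthority",
        SYSTEM_PROGRAM, "GovProgram", "UnknownProgram"]
PRESIGNED = {"account_keys": KEYS, "instructions": [
    {"program_id_index": 4, "accounts": [1, 2, 3], "data": struct.pack("<I", 4)},
    {"program_id_index": 6, "accounts": [0], "data": b"\x01"}]}
ORDINARY = {"account_keys": KEYS, "instructions": [
    {"program_id_index": 5, "accounts": [0], "data": b"\x02"}]}

if __name__ == "__main__":
    for name, msg in (("presigned", PRESIGNED), ("ordinary", ORDINARY)):
        print(name, review_for_signing(msg, {"SignerA"}, {"GovProgram"}))
```

An empty findings list only means none of these three conditions matched; a signer still needs to read the decoded instructions themselves.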
Technical Implications: How it Happened
The attackers manufactured a fake token, CarbonVote (CVT), with a few thousand dollars in seeded liquidity and wash trading. They then used it to manipulate Drift’s price oracles into treating it as legitimate collateral worth hundreds of millions. This allowed them to drain vaults across 31 rapid withdrawals in 12 minutes.
Elliptic and TRM Labs flagged DPRK involvement, making this allegedly the 18th North Korean crypto attack of 2026, with over $300M stolen so far this year alone.
Market Mechanics: The Fallout
The exploit has significant implications for the DeFi market, particularly for Solana-based protocols. The use of durable nonces and manipulation of price oracles raises concerns about the security of other protocols. As reported by Bloomberg, crypto hacks are on the rise, with DeFi protocols being the primary target.
Historical Context: North Korea’s Crypto Attacks
North Korea has a history of crypto attacks, with the infamous Wormhole hack in 2022 being one of the largest. The country’s involvement in crypto hacking is well-documented, with estimates suggesting that they have stolen over $1B in crypto assets since 2017.
The Drift protocol exploit is a wake-up call for the DeFi industry, highlighting the need for improved security measures and more robust protocols. As the industry continues to evolve, it’s essential to address these security concerns to prevent similar exploits in the future.