Latest crypto hack sees thieves make off with $280 million from Solana DeFi platform Drift

“Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers,” the company announced on X. A durable nonce is a tool used on Solana used to avoid transaction expirations. 

The blockchain analytics firm Elliptic says that the on-chain behavior is consistent with previous North Korea-backed crimes. The Kim Jong Un-led nation is no stranger to perpetrating crypto crime. In 2025, the country was responsible for $2 billion of stolen crypto, equivalent to about 60% to all the digital asset funds stolen around the world, according to blockchain analytics firm Chainalysis.  Last year, North Koreans executed a nearly $1.5 billion hack of Bybit in the largest crypto attack in history. 

Hackers from North Korea often use social engineering, when they manipulate people into trusting them to get private information, but that wasn’t exactly the case in this most recent Drift attack. This instance involved the use of a durable nonce, which is a Solana feature, to dupe the company’s security council into pre-approving transactions that would happen weeks later, according to Coindesk. The platform suspended deposits and withdrawals for its customers. 

Drift, founded by Cindy Leow and David Lu in 2021, provides perpetual futures and other trading products to its users. The company had over $400 million in total deposits and more than $19 million in total trades, according to its website. 

Big crypto companies are not the only ones susceptible to attacks by North Koreans. Fortune crypto reporter Ben Weiss was also targeted by the DPRK. The malicious actor hacked into Weiss’s contact’s Telegram, arranged a video call with him, and attempted to run a script on his computer to get his passwords.