Drift Protocol lost at least $280 million after a threat actor seized Security Council administrative powers in a planned, timed operation. Blockchain intelligence firms Elliptic and TRM Labs linked the attack to North Korean (DPRK) tradecraft based on Tornado Cash usage, CarbonVote timing, cross-chain bridging patterns, and rapid laundering.
Keypoints
- A threat actor drained at least $280M by taking control of Drift Protocol's Security Council admin powers.
- Elliptic and TRM Labs attributed the operation to North Korean (DPRK) tradecraft based on multiple on-chain indicators.
- Attackers used durable nonce accounts, pre-signed transactions, and 2/5 multisig approvals to execute a timed takeover.
- The attacker added a malicious asset, removed withdrawal limits, and drained funds while Drift reports no smart contract flaws or compromised seed phrases.
- All protocol functions are frozen, DSOL and insurance funds are secured, and Drift is working with security firms, exchanges, and law enforcement.