Drift Protocol Reveals $285 Million Hack Linked to 6-Month North Korean Intelligence Operation
The Solana-based perpetual futures protocol Drift disclosed that a sophisticated six-month intelligence operation connected to North Korean actors exploited a compromised AWS signing key to steal approximately $285 million from storage pools and mint 80 million counterfeit USR tokens.
Key Points
- North Korean-linked hackers conducted 6-month operation before executing $285 million hack
- Attackers gained control of privileged AWS signing key to access storage pools
- Nearly 80 million counterfeit USR tokens minted against minimal collateral
- $25 million successfully cashed out by the attackers
Full Details
The team behind Drift, a Solana-based crypto protocol for perpetual futures trading, revealed detailed findings about a hack that occurred on April 1. The investigation uncovered a six-month intelligence operation run by a criminal hacking group connected to the North Korean regime. The attackers exploited a privileged AWS signing key to access Drift's storage pools, which held stablecoins like USDC along with JLP, SOL, and other crypto assets. The breach resulted in approximately $285 million in losses. Additionally, the attackers minted nearly 80 million new USR tokens against only a few hundred thousand dollars in actual collateral and cashed out about $25 million. Questions have been raised about the Drift team's security practices, specifically why a protocol managing hundreds of millions in assets would allow downloads of unvetted apps like TestFlight wallets onto hardware tied to multi-signature access.
Why It Matters
This incident highlights the increasing sophistication of state-sponsored crypto attacks and raises serious questions about security practices at DeFi protocols, particularly regarding hardware security and access management for multi-signature systems.
Get stories like this delivered daily
AI-curated news, personalized to your interests. Zero noise.
Start 7-Day Free Trial →More in Finance & Markets
Trump praises Hungary PM Viktor Orbán after Vance calls him at Budapest rally
Vance said he was not there to tell Hungarians how to vote, but later told them to "go to the polls" and "stand with Viktor Orbán, because he stands for you."
Anthropic limits Mythos AI rollout over fears hackers could use model for cyberattacks
Microsoft, Amazon, Apple, CrowdStrike, Palo Alto Networks and others will use the model as part of a new cybersecurity initiative called Project Glasswing.
Apple shares sink on report of foldable iPhone delays
The company is reportedly facing engineering challenges in the development of the foldable phones, which are anticipated to launch later this year.
Strait of Hormuz blockage upends global helium supply. This U.S. company could benefit
A major disruption in the Strait of Hormuz has halted helium shipments from Qatar, which normally supplies about one-third of the global market. This has created a severe supply shock for an industrial gas essential to semiconductor fabrication, MRI machines, and fiber optic cable production. Among the three largest global suppliers, the market has reacted sharply: Air Liquide and Linde are seeing their stock prices fall due to their exposure to the Middle East supply line. In contrast, Air Prod