Solana DeFi Drift Hacked for $280 Million; Protocol Reaches Out to Attacker

Drift was exploited for approximately $280 million, draining over half the platform's total value locked.

The breach was enabled by misuse of Solana's durable nonce feature combined with social engineering against multisig signers.

@coindesk

Drift suspended all deposits and withdrawals and began coordinating with security firms.

Drift sent on-chain messages to four wallets believed to hold the stolen funds, seeking to open communication.

The attacker’s funds had been moved onto Ethereum after the initial Solana exploit.

ActuCrypto .info

As of 48 hours post-attack no funds had been recovered.

Elliptic flagged the operation as a suspected North Korean state attack.

“Drift Protocol has halted deposits and withdrawals after confirming it is experiencing an active attack, with early estimates suggesting losses could reach hundreds of millions of dollars”

AMBCrypto

This is the 18th suspected DPRK-linked crypto attack in 2026 alone.

North Korean actors stole about $2 billion in crypto in 2025.

The exploit centered on Solana's durable nonce transactions, a valid feature to prepare transactions in advance.

Drift confirmed the breach was not caused by a smart contract code failure.

Benzinga

The event underscores how security mechanisms and human factors can create novel risks.