Ledger CTO Suspects North Korea Behind $280M Drift Protocol Hack

  • Drift Protocol lost $280 million because its multisig signer machines were compromised, not because of a flaw in its smart contract.
  • This hack was made possible after North Korean attackers compromised two out of five multisig signers just a few weeks ago.
  • This hack has prompted calls for stronger operational security governance across the DeFi industry.

Ledger CTO Charles Guillemet said North Korea-linked attackers may be behind the $280 million hack of Drift Protocol on Solana. The exploit targeted multisig signers using social engineering, making it the largest DeFi hack of 2026 and raising new operational security concerns.

On April 2, 2026, the Ledger CTO linked the April 1, 2026 $280 million hack of Drift Protocol, a major Solana perpetual DEX, to methods commonly used by North Korean threat actors. The stolen assets were quickly transferred, exchanged for stablecoins, and partially hidden, making it the largest DeFi hack of 2026 and one of the biggest on Solana.

In an in depth

“Much like last year’s Bybit hack, this is widely believed to be the work of threat actors linked to North Korea,” Guillemet said in the X post. He described this pattern as a patient and sophisticated supply-chain-level compromise that targets the human and operational layers rather than the smart contract itself.

Compromising 2 out of 5 multisig signers made for an effective hack

The Drift Protocol Security Council was controlled by a 2/5 multisig, which was migrated just a week before the exploit. This setup required approval from only two of the five signers and featured a 0-second timelock, allowing approved transactions to execute immediately.

According to reports, the attackers tricked two signers into approving the malicious transaction. These approvals were later executed to take control of administrative functions.

Drift Protocol confirmed that this breach was not caused by a flaw in the smart contract. Instead, the attackers compromised signer devices and approval workflows over several weeks.
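
The following is an added example, not code from this article or from Drift: a toy model of the 2-of-5 approval flow with a timelock, showing why a 0-second delay leaves the remaining signers no window to stop an approved transaction. The class and function names, the veto step and the 600-second detection delay are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Proposal:
    action: str
    approvals: set = field(default_factory=set)
    ready_at: Optional[int] = None   # earliest execution time, set once threshold is met
    cancelled: bool = False

class TimelockedMultisig:
    """Toy m-of-n multisig with an execution delay (hypothetical model, not a real program)."""
    def __init__(self, signers, threshold, timelock_s):
        self.signers, self.threshold, self.timelock_s = set(signers), threshold, timelock_s

    def approve(self, p, signer, now):
        if signer not in self.signers:
            raise ValueError("unknown signer")
        p.approvals.add(signer)
        if len(p.approvals) >= self.threshold and p.ready_at is None:
            p.ready_at = now + self.timelock_s   # the delay starts when the threshold is met

    def cancel(self, p):
        p.cancelled = True   # assumed veto step, only useful before execution

    def execute(self, p, now):
        return (not p.cancelled) and p.ready_at is not None and now >= p.ready_at

def executed_before_veto(timelock_s, detection_delay_s, threshold=2):
    """Two signers approve at t=0; monitoring reacts detection_delay_s later.
    Returns True if the action runs before the remaining signers can veto it."""
    ms = TimelockedMultisig(["s1", "s2", "s3", "s4", "s5"], threshold, timelock_s)
    p = Proposal("change_admin")              # constructed sample action
    ms.approve(p, "s1", now=0)
    ms.approve(p, "s2", now=0)
    if p.ready_at is None:
        return False                          # threshold not reached, nothing to execute
    if detection_delay_s < p.ready_at:        # defenders act inside the timelock window
        ms.cancel(p)
    return ms.execute(p, now=p.ready_at)

if __name__ == "__main__":
    for timelock in (0, 300, 86_400):
        print(timelock, executed_before_veto(timelock, detection_delay_s=600))
```

In this model a timelock only helps when it is longer than the time monitoring needs to notice and react, and a higher threshold means two tricked signers are no longer enough.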

Solana DeFi security debate intensifies

This hack sparked widespread security discussion across the Solana ecosystem. Experts are calling for stronger multisig controls, hardware signing, and improved monitoring.

Major industry players were quick to react to the hack, with BitMEX co-founder Arthur Hayes questioning whether Solana’s native multisig addresses could have prevented the breach, sparking a debate about protocol-level design and human factors.

Following this incident, several Solana DeFi teams began reviewing their governance and multisig configurations. The industry is now focused on signer security and operational security to prevent similar attacks.

Associated: Bitrefill accuses North Korea-affiliated Lazarus Group of platform hacking

Disclaimer: The knowledge contained on this article is for informational and academic functions solely. This text doesn’t represent monetary recommendation or recommendation of any variety. Coin Version shouldn’t be answerable for any losses incurred on account of using the content material, merchandise, or providers talked about. We encourage our readers to do their due diligence earlier than taking any motion associated to our firm.