BREAKING · By Xavier Rivera · 1.5 min read
North Korea Pilfers $285M in Largest DeFi Hack Yet
North Korean hackers stole $285 million from Solana DeFi platform Drift via a token minting exploit. The record heist highlights DeFi's ongoing smart contract vulnerabilities amid $3.7 billion in losses this year, threatening user trust and ecosystem growth.
Source: Decrypt

Hackers linked to North Korea drained $285 million from Drift, a Solana-based perpetuals exchange, in the most audacious DeFi exploit of recent years. The attack, detected on October 22, exploited a vulnerability in Drift's token program, allowing attackers to mint 11 million USDC and siphon funds across multiple wallets before bridging to Ethereum.
Drift, which boasts over $1.2 billion in total value locked, halted trading immediately and is offering a 10% bounty for return of funds. Attribution falls to the Lazarus Group, North Korea's notorious cyber outfit responsible for $3 billion in crypto thefts since 2017, including the $600 million Ronin bridge heist. This breach underscores persistent smart contract flaws in high-stakes DeFi protocols.
Solana's ecosystem takes another hit, following earlier outages and exploits like the $100 million Mango Markets manipulation. Drift's market share in Solana perps—around 20%—means liquidity dries up fast, spooking traders and developers. The hack exposes how oracle price feeds and admin key vulnerabilities remain DeFi's Achilles' heel, despite billions poured into audits.
Broader crypto security lags: DeFi hacks have claimed $3.7 billion this year alone, per Chainalysis. Protocols like Drift, leaning on Solana's speed for leverage trading, amplify risks when code falters under pressure. Users face total loss on leveraged positions, eroding trust in yield-chasing platforms.
Recovery efforts intensify, with Drift v2 launching sans the flawed token logic. Expect heightened scrutiny on Solana projects, more insurance wrappers like Nexus Mutual, and regulators circling centralized exchanges handling bridged funds. If Lazarus cashes out, it funds more attacks—keeping DeFi in perpetual defense mode.