{"id":8129,"date":"2026-04-06T09:16:37","date_gmt":"2026-04-06T09:16:37","guid":{"rendered":"https:\/\/cryptonews.uk.com\/?p=8129"},"modified":"2026-04-06T09:16:37","modified_gmt":"2026-04-06T09:16:37","slug":"drift-protocol-hack-revealed-as-months-long-social-engineering-operation","status":"publish","type":"post","link":"https:\/\/cryptonews.uk.com\/?p=8129","title":{"rendered":"Drift Protocol Hack Revealed as Months-Long Social Engineering Operation"},"content":{"rendered":"<p><\/p>\n<div>\n<div id=\"blockquote-block_ee65f7477fe9e1e276c04191c9508595\" class=\"blockquote-container\" style=\"border-color: #5100fc\">\n<div class=\"blockquote-text\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Attackers spent six months infiltrating Drift Protocol via conferences, Telegram, and fake integrations before compromising developer environments and using Solana\u2019s durable nonce feature to pre-sign malicious transactions weeks in advance.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The exploit drained the JLP Delta Neutral vault of approximately US$155 million and emptied two additional vaults in roughly 10 minutes.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Blockchain analytics firm Elliptic attributed the attack to North Korean state actors, noting it was the 18th suspected DPRK-linked crypto operation of 2026.<\/span><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<p>This is social engineering (and a true dedication to crime) taken to another level.<\/p>\n<p>Turns out Drift Protocol disclosed that its US$280 million (AU$406 million) April 1 exploit was the culmination of a six-month social engineering operation, during which North Korean-linked attackers posed as a legitimate trading firm and systematically gained access to developer environments before pre-authorising the transactions that drained the platform.<\/p>\n<p>As Crypto News Australia reported, the protocol suspended operations immediately after the attack and shortly after its total value locked (TVL) fell from approximately US$550 million (AU$800 million) to under US$250 million (AU$375 million) within hours.<\/p>\n<p><strong>Related: Bitcoin ETFs Snap Outflow Streak with $1.3B Inflows in March<\/strong><\/p>\n<h2 class=\"wp-block-heading\" id=\"h-six-months-in-the-making\">Six Months In The Making<\/h2>\n<p>According to the post, the attackers began the infiltration roughly in November, building trust through appearances at crypto industry conferences, Telegram outreach, and fake protocol integration proposals.\u00a0<\/p>\n<p>The objective was access to developer machines, not smart contract vulnerabilities. Once inside developer environments, the group planted malicious tools that allowed them to pre-sign transactions using Solana\u2019s durable nonce feature.<\/p>\n<p>The attackers used Durable nonces to obtain two of the five multisig approvals required from Drift\u2019s Security Council (the threshold needed to authorise administrative changes) without those approvals being immediately actionable.\u00a0<\/p>\n<p>When triggered, the malicious transactions disabled the protocol\u2019s circuit breaker safety systems and handed administrative control to the attacker, who drained the JLP Delta Neutral vault, the SOL Super Staking vault, and the BTC Super Staking vault within approximately 10 to 12 minutes.\u00a0<\/p>\n<div id=\"blockquote-block_aa6a0b990f2a36f25c2292833479316e\" class=\"blockquote-container variant-personal\">\n<div class=\"blockquote-text\">\n<p><em>They were technically fluent, had verifiable professional backgrounds, and were familiar with how Drift operated. A Telegram group was established upon the first meeting, and what followed were months of substantive conversations around trading strategies and potential vault integrations. These interactions are typical of how trading firms interact and onboard with Drift.<\/em><\/p>\n<\/div>\n<div class=\"blockquote-attribution\">\n        <img decoding=\"async\" class=\"author-image lazyload\" src=\"https:\/\/cdn.cryptonews.com.au\/2026\/04\/03155458\/Drift-Protocol.jpg\"\/><img decoding=\"async\" src=\"https:\/\/cdn.cryptonews.com.au\/2026\/04\/03155458\/Drift-Protocol.jpg\" class=\"author-image\" data-eio=\"l\"\/>        Drift Protocol    <\/div>\n<\/div>\n<p>Blockchain analytics firm Elliptic confirmed the attack bore \u201cmultiple indicators\u201d consistent with DPRK tradecraft, including on-chain behaviour patterns and laundering methodologies matching prior North Korean operations.<\/p>\n<p><strong>Related: Bitcoin Treasury Sell-Off Sparks Fears of Crypto Contagion<\/strong><\/p>\n<\/p><\/div>\n<p>Blockchain,Drift Protocol,Hackers#Drift #Protocol #Hack #Revealed #MonthsLong #Social #Engineering #Operation1775466997<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Attackers spent six months infiltrating Drift Protocol via conferences, Telegram, and fake integrations before compromising developer environments and using Solana\u2019s durable nonce feature to pre-sign malicious transactions weeks in advance. The exploit drained the JLP Delta Neutral vault of approximately US$155 million and emptied two additional vaults in roughly 10 minutes. Blockchain analytics firm Elliptic<\/p>\n","protected":false},"author":1,"featured_media":8130,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[2314,3821,652,3820,3822,131,3819,572],"class_list":{"0":"post-8129","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-bitcoin","8":"tag-drift","9":"tag-engineering","10":"tag-hack","11":"tag-monthslong","12":"tag-operation","13":"tag-protocol","14":"tag-revealed","15":"tag-social"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.6 (Yoast SEO v26.6) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Drift Protocol Hack Revealed as Months-Long Social Engineering Operation - Crypto News: Latest Cryptocurrency News and Analysis<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cryptonews.uk.com\/?p=8129\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Drift Protocol Hack Revealed as Months-Long Social Engineering Operation\" \/>\n<meta property=\"og:description\" content=\"Attackers spent six months infiltrating Drift Protocol via conferences, Telegram, and fake integrations before compromising developer environments and using Solana\u2019s durable nonce feature to pre-sign malicious transactions weeks in advance. The exploit drained the JLP Delta Neutral vault of approximately US$155 million and emptied two additional vaults in roughly 10 minutes. Blockchain analytics firm Elliptic\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cryptonews.uk.com\/?p=8129\" \/>\n<meta property=\"og:site_name\" content=\"Crypto News: Latest Cryptocurrency News and Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-06T09:16:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.cryptonews.com.au\/2026\/04\/03155458\/Drift-Protocol.jpg\" \/>\n<meta name=\"author\" content=\"\u884c\u653f\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u884c\u653f\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cryptonews.uk.com\/?p=8129\",\"url\":\"https:\/\/cryptonews.uk.com\/?p=8129\",\"name\":\"Drift Protocol Hack Revealed as Months-Long Social Engineering Operation - Crypto News: Latest Cryptocurrency News and Analysis\",\"isPartOf\":{\"@id\":\"https:\/\/cryptonews.uk.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/cryptonews.uk.com\/?p=8129#primaryimage\"},\"image\":{\"@id\":\"https:\/\/cryptonews.uk.com\/?p=8129#primaryimage\"},\"thumbnailUrl\":\"https:\/\/cryptonews.uk.com\/wp-content\/uploads\/2026\/04\/122624CRHA.jpeg\",\"datePublished\":\"2026-04-06T09:16:37+00:00\",\"author\":{\"@id\":\"https:\/\/cryptonews.uk.com\/#\/schema\/person\/822778c5844e0d16d43dce6630f4f1bf\"},\"breadcrumb\":{\"@id\":\"https:\/\/cryptonews.uk.com\/?p=8129#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cryptonews.uk.com\/?p=8129\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cryptonews.uk.com\/?p=8129#primaryimage\",\"url\":\"https:\/\/cryptonews.uk.com\/wp-content\/uploads\/2026\/04\/122624CRHA.jpeg\",\"contentUrl\":\"https:\/\/cryptonews.uk.com\/wp-content\/uploads\/2026\/04\/122624CRHA.jpeg\",\"width\":1920,\"height\":1076},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cryptonews.uk.com\/?p=8129#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cryptonews.uk.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Drift Protocol Hack Revealed as Months-Long Social Engineering Operation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cryptonews.uk.com\/#website\",\"url\":\"https:\/\/cryptonews.uk.com\/\",\"name\":\"Crypto News: Latest Cryptocurrency News and Analysis\",\"description\":\"Latest Crypto &amp; Bitcoin News\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/cryptonews.uk.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/cryptonews.uk.com\/#\/schema\/person\/822778c5844e0d16d43dce6630f4f1bf\",\"name\":\"\u884c\u653f\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cryptonews.uk.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e4c2d23409b09e004cef3facbe677e95c5401f9e29680f3a311e0130c5748089?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e4c2d23409b09e004cef3facbe677e95c5401f9e29680f3a311e0130c5748089?s=96&d=mm&r=g\",\"caption\":\"\u884c\u653f\"},\"sameAs\":[\"http:\/\/demo3.aiwalls.com\/coinbase\"],\"url\":\"https:\/\/cryptonews.uk.com\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Drift Protocol Hack Revealed as Months-Long Social Engineering Operation - Crypto News: Latest Cryptocurrency News and Analysis","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cryptonews.uk.com\/?p=8129","og_locale":"en_US","og_type":"article","og_title":"Drift Protocol Hack Revealed as Months-Long Social Engineering Operation","og_description":"Attackers spent six months infiltrating Drift Protocol via conferences, Telegram, and fake integrations before compromising developer environments and using Solana\u2019s durable nonce feature to pre-sign malicious transactions weeks in advance. The exploit drained the JLP Delta Neutral vault of approximately US$155 million and emptied two additional vaults in roughly 10 minutes. Blockchain analytics firm Elliptic","og_url":"https:\/\/cryptonews.uk.com\/?p=8129","og_site_name":"Crypto News: Latest Cryptocurrency News and Analysis","article_published_time":"2026-04-06T09:16:37+00:00","og_image":[{"url":"https:\/\/cdn.cryptonews.com.au\/2026\/04\/03155458\/Drift-Protocol.jpg","type":"","width":"","height":""}],"author":"\u884c\u653f","twitter_card":"summary_large_image","twitter_misc":{"Written by":"\u884c\u653f","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/cryptonews.uk.com\/?p=8129","url":"https:\/\/cryptonews.uk.com\/?p=8129","name":"Drift Protocol Hack Revealed as Months-Long Social Engineering Operation - Crypto News: Latest Cryptocurrency News and Analysis","isPartOf":{"@id":"https:\/\/cryptonews.uk.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cryptonews.uk.com\/?p=8129#primaryimage"},"image":{"@id":"https:\/\/cryptonews.uk.com\/?p=8129#primaryimage"},"thumbnailUrl":"https:\/\/cryptonews.uk.com\/wp-content\/uploads\/2026\/04\/122624CRHA.jpeg","datePublished":"2026-04-06T09:16:37+00:00","author":{"@id":"https:\/\/cryptonews.uk.com\/#\/schema\/person\/822778c5844e0d16d43dce6630f4f1bf"},"breadcrumb":{"@id":"https:\/\/cryptonews.uk.com\/?p=8129#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cryptonews.uk.com\/?p=8129"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptonews.uk.com\/?p=8129#primaryimage","url":"https:\/\/cryptonews.uk.com\/wp-content\/uploads\/2026\/04\/122624CRHA.jpeg","contentUrl":"https:\/\/cryptonews.uk.com\/wp-content\/uploads\/2026\/04\/122624CRHA.jpeg","width":1920,"height":1076},{"@type":"BreadcrumbList","@id":"https:\/\/cryptonews.uk.com\/?p=8129#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cryptonews.uk.com\/"},{"@type":"ListItem","position":2,"name":"Drift Protocol Hack Revealed as Months-Long Social Engineering Operation"}]},{"@type":"WebSite","@id":"https:\/\/cryptonews.uk.com\/#website","url":"https:\/\/cryptonews.uk.com\/","name":"Crypto News: Latest Cryptocurrency News and Analysis","description":"Latest Crypto &amp; Bitcoin News","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cryptonews.uk.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/cryptonews.uk.com\/#\/schema\/person\/822778c5844e0d16d43dce6630f4f1bf","name":"\u884c\u653f","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptonews.uk.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e4c2d23409b09e004cef3facbe677e95c5401f9e29680f3a311e0130c5748089?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e4c2d23409b09e004cef3facbe677e95c5401f9e29680f3a311e0130c5748089?s=96&d=mm&r=g","caption":"\u884c\u653f"},"sameAs":["http:\/\/demo3.aiwalls.com\/coinbase"],"url":"https:\/\/cryptonews.uk.com\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=\/wp\/v2\/posts\/8129","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8129"}],"version-history":[{"count":0,"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=\/wp\/v2\/posts\/8129\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=\/wp\/v2\/media\/8130"}],"wp:attachment":[{"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8129"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8129"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptonews.uk.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8129"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}