Close Menu
    What's Hot

    Smoke From Canada’s Wildfires Turns Skies Sickly Orange Across the Eastern US

    Payments group Stripe swoops for Silicon Valley stalwart PayPal

    Trump Administration to Impose New Tariffs on Brazil

    Facebook X (Twitter) Instagram
    Trending
    • Smoke From Canada’s Wildfires Turns Skies Sickly Orange Across the Eastern US
    • Payments group Stripe swoops for Silicon Valley stalwart PayPal
    • Trump Administration to Impose New Tariffs on Brazil
    • ‘More bad news’ for people struggling with energy bills: AI data centers are driving costs even higher
    • Inside Maine Democrats’ Search for a New Senate Nominee After Graham Platner’s Exit
    • Iranian American Woman Held in Iran on Spying Charges Is Released
    • Why Greylock capped its new fund at $1.5B when it says it could have raised more
    • Elevra Lithium Limited (ELVR) Shareholder/Analyst Call Transcript
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

    adminBy adminApril 3, 2026No Comments4 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    Drift Loses 5 Million in Durable Nonce Social Engineering Attack Linked to DPRK
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Drift Loses 5 Million in Durable Nonce Social Engineering Attack Linked to DPRK

    Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026.

    “Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers,” the company said in a series of posts on X.

    “This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution.”

    Drift noted that the attack did not exploit a vulnerability in its programs or smart contracts, and that there is no evidence of compromised seed phrases. Rather, the breach is said to have “involved unauthorized or misrepresented transaction approvals obtained prior to execution, likely facilitated through durable nonce mechanisms and sophisticated social engineering,” it explained.

    To that end, the threat actors obtained sufficient multi-signature (multisig) approvals and executed a malicious admin transfer within minutes to gain control of protocol-level permissions, ultimately leveraging it to “introduce a malicious asset and remove all pre-set withdrawal limits, attacking existing funds.”

    Cybersecurity

    According to a timeline of events shared by Drift, preparations for the hack were underway as early as March 23, 2026. The company said it’s coordinating with multiple security firms to determine the cause of the incident, adding it’s working with bridges, exchanges, and law enforcement to trace and freeze the stolen assets.

    A PIF Research Labs analysis reveals that the assets were drained within 10 seconds. “From first withdrawal (41.72M JLP at 16:06:09) to last primary withdrawal (2,200 wETH at 16:06:19),” it said. “The major vaults were emptied in the time it takes to send a text.”

    In separate reports published Thursday, both Elliptic and TRM Labs said there are on-chain indications that North Korean crypto thieves may be behind the cryptocurrency heist.

    This included the use of Tornado Cash for initial staging, as well as the cross-chain bridging patterns and the speed and scale of post-hack laundering that are consistent with hacks previously attributed to North Korean threat actors, including the massive Bybit exploit of 2025.

    “The critical vulnerability was not a smart contract bug but a combination of social engineering multisig signers into pre-signing hidden authorizations and a zero-timelock Security Council migration that eliminated the protocol’s last line of defense,” TRM Labs said.

    “The attacker manufactured an entirely fictitious asset — CarbonVote Token — with a few thousand dollars in seeded liquidity and wash trading, and Drift’s oracles treated it as legitimate collateral worth hundreds of millions of dollars.”

    The blockchain intelligence firm also pointed out that the CarbonVote Token was deployed at 09:30 Pyongyang time.

    Elliptic, in its own analysis of the security incident, said the on-chain behavior, laundering methodologies, and network-level indicators align with known tradecraft associated with threat actors from the Democratic People’s Republic of Korea (DPRK).

    The company also noted that, if confirmed, this incident “would represent the eighteenth DPRK act” it has tracked since the start of the year, with more than $300 million stolen to date.

    “It is a continuation of the DPRK’s sustained campaign of large-scale cryptoasset theft, which the US government has linked to the funding of its weapons programs,” Elliptic said. “DPRK-linked actors are believed to have stolen over $6.5 billion dollars in cryptoassets in recent years.”

    The North Korean cryptoasset theft operation is estimated to have netted a record $2 billion in 2025, out of which approximately $1.46 billion originated from the hack of Bybit in February 2025.

    Social engineering remains the primary initial access pathway through which these attacks are executed, leveraging persuasive personas and decoys to target the cryptocurrency and Web3 sectors through campaigns tracked as DangerousPassword (aka CageyChameleon, CryptoMimic, and CryptoCore) and Contagious Interview. As of late February 2026, the combined gains from the twin campaigns total $37.5 million this year.

    Cybersecurity

    “The DPRK’s cryptoasset theft operation is not a series of isolated incidents. It is a sustained, well-resourced campaign that is growing in scale and sophistication,” Elliptic said.

    “The evolution of the DPRK’s social engineering techniques, combined with the increasing availability of AI to refine and perfect these methods, means the threat extends well beyond exchanges. Individual developers, project contributors and anyone with access to cryptoasset infrastructure is a potential target.”

    The development coincides with the supply chain compromise of the popular Axios npm package, which multiple security vendors, including Google, Microsoft, CrowdStrike, and Sophos, have attributed to a North Korean hacking group called UNC1069, which overlaps with BlueNoroff, CryptoCore, Nickel Gladstone, Sapphire Sleet, and Stardust Chollima.

    “This state-sponsored group focuses on generating revenue for the North Korean regime,” Sophos said. “The artifacts include identical forensic metadata and command-and-control (C2) patterns, as well as connections to malware exclusively used by Nickel Gladstone. Based on these artifacts, it is highly likely that Nickel Gladstone is responsible for the Axios attacks.”

    attack DPRK drift durable engineering linked loses million Nonce Social
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticlePollen Allergies Are Getting Worse Nationwide—Here’s How…
    Next Article AI animation studio Toonstar will turn books into digital shows for HarperCollins
    admin
    • Website

    Related Posts

    148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

    July 16, 2026

    Closing the Approval Gap in AI-Era Ad Tech

    July 16, 2026

    Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

    July 15, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    Smoke From Canada’s Wildfires Turns Skies Sickly Orange Across the Eastern US

    Payments group Stripe swoops for Silicon Valley stalwart PayPal

    Trump Administration to Impose New Tariffs on Brazil

    ‘More bad news’ for people struggling with energy bills: AI data centers are driving costs even higher

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by