North Korea’s Lazarus Hacker Group Implicated in Drift Protocol Exploit: Solana DeFi Ecosystem Targeted

Published: 2026-04-03 11:35:57

Analysts implicate North Korea's Lazarus hacker group in Drift Protocol exploit

Security analysts have issued urgent warnings after tracing the recent Drift Protocol exploit to North Korea's notorious Lazarus Group, the same state-sponsored hackers responsible for the historic $1.4B Bybit and Ronin bridge heists. The sophisticated attack compromised multiple DeFi applications across the Solana ecosystem, with new forensic analysis from DivergSec, Elliptic, and TRM Labs revealing the attackers breached the protocol's newly migrated multisig wallets within just three days, executing pre-signed transactions ahead of the April 1st exploit.

Drift Protocol sends message to exploiters

Drift Protocol announced that critical information about the involved parties has been discovered. The team sent messages to the four identified wallets currently holding the proceeds of the hack. 

Critical information of parties related to the exploit has been identified. Drift is now sending an on-chain message from 0x0934faC45f2883dd5906d09aCfFdb5D18aAdC105 to the ETH Wallets that hold the stolen funds.

Wallet 1: 0xAa843eD65C1f061F111B5289169731351c5e57C1 (Timestamp…

— Drift (@DriftProtocol) April 3, 2026

The message suggested Drift Protocol may have known the identity of the hackers. The community speculates about possible insider access or project infiltration. Despite this, Drift Protocol was still criticized for having a zero timelock on protocol-level changes, allowing the exploiter to drain liquidity immediately.

Drift Protocol spread contagion to the Solana economy

Drift Protocol retains $232M in value locked, down from over $550M. Multiple protocols that used Drift for yield have had their funds stolen or frozen in whole or in part. 

SOL recovered above $80 after a brief dip in response to the hack. 

The hack affected Reflect Money for its USD+ farming yield. DeFi Carrot lost 50% of its TVL in Drift, and CRT tokens were also affected. Ranger Finance was exposed through rUSD. PiggybankFi lost $106K from deposits into Drift Protocol. 

Project0 paused loans against Drift vaults. Other affected projects include Pyra, which lost all its funds, and XPlace, which mainly used Drift for yield. Elemental DeFi was only exposed through a USDC vault.

Some of the protocols only have their funds on hold until security is improved. Eleven projects have been affected so far, not counting the general sentiment repercussions and loss of trust in DeFi lending.

A total of 35 DeFi protocols have been exploited in 2026 to date, with an accelerating trend and more organized attacks. 

Around $453M was extracted from DeFi, showing it is still a high-risk sector. The hacks undermine the narrative that DeFi would be a suitable way to gain yield with minimal risk. 
