DeFi platform Drift Protocol suffered a major security breach after a six-month social engineering campaign by a North Korean state-backed group.
Cybersecurity firm Mandiant and the white-hat response group SEAL911 are now investigating the full scope of the state-backed operation, according to a statement released on April 5, 2026.
The attackers spent six months infiltrating the Solana-based DeFi protocol, using social engineering tactics to gain access before executing the exploit. Specific details on the amount of funds lost or the impact on Drift's Total Value Locked (TVL) have not yet been disclosed.
The incident highlights a significant threat to the DeFi space: a smart contract audit assesses the deployed code, while a patient social engineering campaign targets the people and privileged access around that code, which no code audit covers. The breach could erode user trust in Drift Protocol, potentially leading to a sharp decline in its token value and significant liquidity withdrawals, while also prompting a security re-evaluation across competing protocols.
The attack on Drift Protocol, a prominent decentralized exchange on the Solana blockchain, was not a simple exploit but a meticulously planned, multi-stage operation. According to investigators, the North Korean-linked group dedicated half a year to building trust and identifying vulnerabilities within the organization, a method that stands in stark contrast to the more common flash loan attacks or smart contract exploits seen in the DeFi sector.
Mandiant, a leading cybersecurity firm now part of Google Cloud, and SEAL911, a white-hat group specializing in crypto security, are jointly handling the investigation. Their involvement points to the severity of the breach and the sophisticated nature of the threat actor, which has been previously linked to other major cyberattacks in the financial and crypto industries. The investigation will focus on tracing the stolen assets and understanding the attackers' methods to prevent future incidents at other DeFi platforms like Jupiter or Jito.
For the broader DeFi market, this serves as a critical warning. The market sentiment for Drift is currently bearish, and the potential impact extends beyond a single protocol. The event forces platforms on other chains such as Solana and Ethereum to reconsider their internal security postures, moving beyond smart contract audits to include rigorous defenses against long-term social engineering threats, from vetting of new contacts and contributors to strict controls on who can reach privileged systems.
This article is for informational purposes only and does not constitute investment advice.