April 04, 2026 ChainGPT

Drift Sends On-Chain Plea to Wallets After $285M Heist — DPRK-Linked Hackers Suspected

Drift Goes On-Chain to Hunt $285M Exploit — Signals DPRK-Linked Hackers May Be Responsible

Drift, the Solana-based decentralized exchange that lost roughly $285 million in a major exploit earlier this week, publicly reached out to the wallets holding the stolen funds — not via email or lawyers, but with on-chain messages on Ethereum. In a post on X, Drift said it had sent messages from 0x0934faC45f2883dd5906d09aCfFdb5D18aAdC105 to four wallets believed to contain the stolen assets, including 0xAa843eD65C1f061F111B5289169731351c5e57C1, and wrote bluntly: “We are ready to speak.”

Drift’s outreach also said investigators have identified “critical information of parties related to the exploit,” and promised further updates once third‑party attributions are complete. The move makes the recovery attempt visible to anyone watching the blockchain — a common tactic in high‑profile DeFi thefts that sometimes leads to negotiations or pressure on intermediaries to freeze or return funds.

Why investigators are pointing at North Korea

Blockchain security firm Elliptic has pointed to on‑chain behavior and laundering techniques consistent with hackers linked to the Democratic People’s Republic of Korea (DPRK). Elliptic estimates DPRK‑linked groups have siphoned about $6.5 billion in crypto in recent years. That history — and patterns of laundering — has led several security teams to flag the Drift exploit as potentially state‑sponsored.

Drift said the attack involved “sophisticated social engineering” that allowed the attackers to access two private keys and gain administrative control over the platform. The exploit has rippled through Solana’s ecosystem, impacting projects that built dependencies on Drift.

Will the funds be returned?

Past incidents show outcomes can vary. In one well‑known case, the Poly Network attacker returned roughly $600 million after prolonged on‑chain dialogue. But experts say DPRK‑linked actors are unlikely to cooperate.
“They never cooperate and they are not afraid of law enforcement,” Michael Egorov, founder of Curve Finance, told Decrypt, placing the probability of return at effectively zero if state‑sponsored actors are behind the theft. Egorov added that if the culprits are not state actors and can be identified, the odds of recovery rise dramatically — “almost 100%,” he said. He also noted an important caveat: maximal extractable value (MEV) traders sometimes intercept stolen funds while front‑running transactions, and these actors can return a large portion of the loot (often keeping a bounty).

Other open questions and public pressure

Some security researchers have suggested the attackers may have had inside knowledge of Drift’s systems, but attribution remains uncertain. Drift has not disclosed whether it will offer a bounty or other incentives for returning funds. Its on‑chain messages and public updates are now part of the record as investigators and third‑party firms work to attribute the theft.

The public spectacle drew quick reactions: one address holding only about $200 worth of ETH sent an on‑chain taunt asking the attackers to “send me $10 million to mess with the Drift team.” Decrypt has contacted Drift for comment.

As the investigation continues, the blockchain itself is being used as both a ledger of the crime and a megaphone for the victim — a reminder that in DeFi, transparency can be a tool for recovery as well as a stage for confrontation. Drift says more details will follow after independent attributions are complete.