A North Korean threat actor is likely to be blamed for a $285 million heist from the Drift DeFi platform, carried out as a carefully planned operation. The incident, described by Drift as highly sophisticated, involved durable nonce accounts to pre-sign transactions and the compromise of multisig signers’ approvals, with five vaults drained in seconds.
According to Elliptic, the attack resulted in the theft of $286 million from Drift, and PIF Research Labs notes that the hackers gained admin access five hours before the exploit and created a brand-new wallet eight days earlier to enable the theft. The attackers used a durable nonce to generate an on-chain transaction that would not expire and pre-signed transactions to execute rapidly, with the withdrawals beginning 25 seconds after gaining control of the admin key.
Within 10 seconds, funds were drained from multiple vaults and subsequently laundered through 27 getaway wallets and 57,331 addresses, before proceeding across chains and exchanges over the following hours.