Drift exploited from a DPRK long con
WEEKLY ROUNDUPApr 05, 2026

Drift exploited from a DPRK long con

285m gone in 12 seconds

This has been a really hard week for Solana DeFi. There’s really only been two main stories this week and I think it’s important to dive into those and leave the announcements for another time. DeFi is really facing a serious risk crisis right now and it’s personally made me re-think and shift some positions.

Market moves

BTC Resistance Levels

Immediate: $68,900 – $69,500 and $69,171 (0.236 Fibonacci retracement, acting as strong overhead).

Next: $70,000 – $71,200 (psychological and recent range highs).

Higher: $72,000, $74,000 – $74,700, and up toward $76,000+ (prior highs and "air pocket" with thin supply above $72k in some analyses).

BTC drops below $60k and we could plummet more.

Solana Resistance Levels

Immediate: $85 – $87 (including 20-day EMA around $86, acting as dynamic resistance).

Next: $90 – $93 (broken trendline now resistance; SAR and other indicators cluster here).

Higher: $94 – $100 or $95+ (major overhead zone; breaking $97 could signal stronger recovery).

SOL drops below $70 and we could run into mid $60s.

The Drift hack and downwind impact across the ecosystem

Earlier this week, Drift was hacked for $285m and it rippled through a massive amount of other Solana DeFi protocols. The problem with building money legos is when the base protocol gets hacked, it spreads quickly. There’s a lot that happened here and to dig through. I personally lost money via other protocols using Drift and feel for everyone who’s been hit from this. How are we supposed to bring people onchain when this stuff keeps happening?

There are some huge questions to be asked.

Why would anyone have that money protected by a minority on their multisig?

How many other protocols may currently be in the grips of this same scam?

When will protocols slow down to focus on real security instead of just racing to market?

Where was Circle while this was draining out across their service for 6 hrs? Why weren't the assets frozen? They have no problem doing it to other wallets.

How screwed are we?

Elliptic has tracked 18 DPRK linked crypto thefts in 2026 alone. North Korea stole over $6.5 billion in crypto in the past few years. We are indirectly funding communism through a mix of lax security and social engineering. It’s devastating.

The story plays out like Ocean’s 11 and the level and length of the con was insane. At the end of the day, there were so many mistakes on Drift’s side. Lack of proper security, using computers with signing keys to download and test apps and only a 2/5 needed to lose everything on their multisig. Not even a majority was needed, no timelock on anything, just a total lack of competency for a team managing so much money.

We need to do better. I hadn’t used Drift directly, but I did use protocols who stacked money legos on Drift and I didn’t even know that. It’s much easier to build a product on top of someone else’s and snag your fee than it is to build something new. I love what DeFi can be and should be for people, but my faith in teams, not just on Solana, but across all DeFi has been shaken. Gum put together a site (it’s not https so I won’t share the link) to help show how your money is protected by each protocol, but keep in mind this is information extracted from their public documents, and could be outdated.

The TLDR-ish on how it all happened

6-month social engineering campaign (Fall 2025–April 2026):

Attackers posed as a quantitative trading firm at a major crypto conference, then deliberately re-engaged specific Drift contributors in person at multiple international conferences, building a credible relationship over half a year.

Established operational legitimacy: Created a Telegram group, held ongoing discussions on trading strategies and vault integrations, onboarded an Ecosystem Vault (Dec 2025–Jan 2026) with detailed forms/working sessions, and deposited >$1M of their own capital to appear as a genuine partner.

Delivered malicious payloads under normal business guise:

Shared links to “projects/tools/apps” they claimed to be building, including a code repository (for a supposed vault frontend) and a TestFlight app (presented as their wallet product).

Compromise vectors:

One contributor cloned the shared repo; likely exploited a known VSCode/Cursor vulnerability that silently ran arbitrary code simply by opening the folder/repo. A second contributor was induced to install the TestFlight “wallet” app.

Quantum: Bitcoin, Solana and Ethereum

After Google published their paper in conjunction with Justin Drake (Ethereum) setting their target date for Google products to be Quantum Resistant, it continued the discussions about the timelines and who is working actively on it. The biggest threat by far is Bitcoin. Ethereum and Solana are working on plans currently and we saw some signals of that this week, but the solution is not as simple as flipping a switch. It’s incredibly complex and in a model run by Solana with Eleven Labs, it showed a 40x increase in signature sizes and an up to 90% reduction in throughput. Obviously that is not tenable for a high tps focused chain. Although that won’t be the final path Solana chooses, it’s waving a public flag that they are exploring different approaches and that’s a good sign to investors. Ethereum is out there doing the same. Apparently, Algorand is the only one post quantum at the moment. Silvio is a legend in ZK tech, but I don’t see $ALGO ripping.

On to Bitcoin. I was listening to Nic Carter on the Bankless podcast and there’s one thing he said that really stuck out to me that I hadn’t really thought about. Bitcoin Core does minor updates roughly every 6 months, but there’s been no larger upgrades to Bitcoin since the Taproot fork in 2021. The point that Nic made that really hit me was that there’s no one in the Bitcoin Core who is willing to lead on this move because they don’t want the liability if something goes wrong or they force the wrong choice.

What will happen to Satoshi's coins?

He posited that it’ll be institutions who force a specific path and ultimately decide which fork of Bitcoin is the real $BTC. As anti BTC as this is at its core, it sounds like the most feasible option for how it will ultimately go. That lends the responsibility to the large holders in choosing its future vs the Core Devs. Would you want to be the one who it would all crash down on top of if it went wrong?

The issue of Satoshi’s coins will be a battle, but I have a feeling they will push that off to some sort of Institutional Council as well. To me, the best option is possibly to essentially freeze them, but allow them to be claimed with proof of ownership. No burning, no leaving behind on the old fork, etc. Bitcoin has had forks before. Bitcoin Cash is a fork. If Satoshi’s coins got burned, it’s a serious violation of property rights, dead or not, Satoshi’s possible family or they themself could still have a claim on them if proven ownership vs deciding the fate.

I have faith that Bitcoin, Solana and Ethereum will find the way to go and upgrade, but we are fighting the hypothetical currently, based on assumptions of what may become. They will need to pick what they think will be the most resilient option, but no one really knows right now. It’s all a fight against the unknown,

Stay Free

  • Ebullition

SUPPORT DTS
If you found this article valuable, consider tipping with $SKR.
← Previous
$SUI is now on Solana
DeFi the System
© 2024-2026 · CC BY-NC-SA 4.0 · Independent Solana Media
X / TwitterPrivacyTermsContact