Drift exploit: North Korea-linked hackers targeted via Ethereum on-chain messages

Drift, a Solana-based DEX, said it wants to negotiate with hackers it believes are North Korea-linked after a $285M Drift exploit this week. On Friday, the team posted that it sent Ethereum on-chain messages (“We are ready to speak”) to four wallets holding stolen funds, including a response from one wallet showing $200 worth of ETH. Drift said it has identified “critical information” about the parties involved, and would share more updates once third-party attributions are completed. Curve Finance founder Michael Egorov said recovery is near zero if the theft is state-sponsored, because such actors typically do not cooperate with negotiations. He noted that recovery becomes much more likely only if the attackers are not tied to state actors. The wider context: bad-actor attribution remains uncertain, with other experts suggesting possible insider knowledge. Drift previously said the incident stemmed from sophisticated social engineering that enabled attackers to gain administrative control by accessing two private keys. Traders should watch whether the chain-level pursuit leads to any movement on the stolen-fund wallets, since follow-through (or lack of it) can affect sentiment around Solana DeFi security and bridge/perp integrations tied to Drift.