North Korean Hackers Steal $577M: DRIFT & KelpDAO Losses

TRM Labs reports North Korean Hackers stole about $577M in the first four months of 2026, or roughly 76% of recorded crypto hack losses in that period. The value is concentrated in two April attacks: $285M from the DRIFT protocol and $292M from KelpDAO. DRIFT hack details: the attackers targeted Solana governance and multisig controls using pre-signed transactions. They reportedly cultivated access with Drift employees for months, set up persistent nonce accounts from mid-March, and then drained vaults in about 12 minutes after an April 1 security threshold change. The exploit centered on Solana nonce manipulation to bypass multisig protections. KelpDAO hack details: the breach focused on cross-chain infrastructure. The attackers allegedly compromised RPC infrastructure and disrupted LayerZero bridge cross-chain checks (single-validator design), then converted proceeds via THORChain (RUNE) to BTC and routed funds through intermediaries after Arbitrum (ARB) freezes. Trading impact for DRIFT: the token was delisted after the DRIFT hack (removed from Upbit and Bithumb). DRIFT is cited around $0.04 with a -6.19% 24h move, and the article notes bearish signals (Supertrend bearish, EMA20 near $0.0389). Traders should watch DRIFT resistance around $0.0407 and track risk sentiment toward Solana, multisig, and cross-chain bridge security, since TRM Labs highlights escalating attacker focus on bridge and multisig plumbing.