How does a six-month campaign of persuasion end with $285 million gone in a single day? For users, engineers and policymakers, that question now frames the fallout from an April 1, 2026 attack that Drift says culminated years of patient targeting.
The core facts
Drift, a Solana-based decentralized exchange, has revealed that the April 1, 2026 attack that resulted in the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea (DPRK). According to Drift, the campaign began in the fall of 2025. Drift described it as "an attack six months in the"
Anatomy of the incident, as reported
The details released by Drift are narrow but direct: the loss occurred on April 1, 2026; the amount taken was $285 million; and the compromise was not a sudden technical exploit alone but the end point of a sustained social engineering effort. Drift characterizes the operation as targeted and meticulously planned, and attributes its origins to the DPRK, beginning in the fall of 2025.
Why this matters: four perspectives
- Technologists — A months-long social engineering campaign that produces a single-day multimillion-dollar theft underscores that security is not only code and cryptography but people, process and persistence. The timeframe reported by Drift suggests attackers were able to cultivate access or trust over many months.
- Users and customers — For people who hold funds or rely on Solana-based services, the incident is a reminder that custody, transaction authorization and institutional controls can be as decisive as protocol design when high-value assets are at stake.
- Policymakers — Attribution to the DPRK raises questions about state-directed criminal campaigns against financial infrastructure and the pressures such operations place on cross-border financial integrity and enforcement mechanisms.
- Adversaries — The profile described by Drift — targeted, meticulously planned and long-running — may be a model for others who seek high return on investment through patient social engineering rather than immediate technical exploitation.
What to watch next
Drift’s disclosure establishes a timeline and an attribution, but it also leaves open operational questions that will matter to the ecosystem: how the social engineering unfolded over those months, what controls failed or were bypassed, and what remediation and transparency Drift will provide to affected users. The company’s characterization of the incident frames the attack as sustained and deliberate — a reminder that defenses must extend beyond software patches to include long-term vigilance against human-targeted campaigns.
If patient persuasion can yield a single-day $285 million theft, how should exchanges, platforms and the people who use them build defenses that are equally patient and persistent?
https://thehackernews.com/2026/04/285-million-drift-hack-traced-to-six.html




