Ledger CTO Ties $280M Drift Hack to North Korea Suspects

Drift Protocol, one of the largest perpetual trading platforms on Solana, confirmed on April 1, 2026 that it was under active attack, with deposits and withdrawals suspended as the team worked to contain what could be one of the biggest DeFi exploits of the year. Ledger CTO Charles Guillemet has since suggested the attack pattern resembles tactics used by North Korea-linked threat actors, though no formal attribution has been confirmed.

What happened in the Drift Protocol exploit

Drift Protocol announced on X that it was “experiencing an active attack” and had immediately suspended all deposits and withdrawals. The team said it was coordinating with security firms, bridges, and exchanges to contain the incident.

The scale of the exploit remains unclear, with published estimates varying widely. TechCrunch reported that blockchain security firm CertiK estimated approximately $136 million in stolen funds, while on-chain intelligence platform Arkham placed the figure at roughly $285 million.

According to unconfirmed reports, the total may be around $280 million, though Drift has not published a formal postmortem or confirmed a final loss figure. The competing estimates have not yet been reconciled.

Why the Ledger CTO suspects North Korea-linked threat actors

On April 2, 2026, Ledger CTO Charles Guillemet publicly weighed in on the exploit. He estimated the hack at approximately $213 million, calling it the biggest hack of 2026 so far and one of the largest ever on the Solana blockchain.

Source: @P3b7_ on X

According to U.Today, Guillemet believes the likelier attack path involved compromised signer machines combined with social engineering, rather than a pure smart-contract vulnerability. He noted the pattern resembles tactics previously associated with DPRK-linked bad actors.

No official Drift statement, named forensic report, or law enforcement agency has publicly attributed the exploit to North Korea as of April 2, 2026. Guillemet’s comments reflect pattern analysis, not confirmed attribution. The distinction matters: suspicion based on attack methodology is not the same as forensic proof linking specific wallets to a state-sponsored group.

DRIFT token drops 21% as broader fear deepens

Markets reacted sharply. The DRIFT token fell to $0.0568, down 21.13% over 24 hours, with its market cap declining to approximately $32.5 million. Trading volume surged to roughly $59.6 million in the same period, nearly double the token’s market cap.

The broader crypto market was already under pressure before the Drift exploit surfaced. The Fear and Greed Index sat at 12, deep in “Extreme Fear” territory. Large-scale DeFi exploits tend to amplify existing risk aversion, as traders saw during the Moody’s Bitcoin haircut episode that highlighted forced-selling risks across crypto markets.

Public discussion around the hack centered on signer compromise and social engineering rather than a pure smart-contract failure. That framing carries additional weight given ongoing regulatory attention to blockchain security from agencies including the CFTC, which has pointed to infrastructure vulnerabilities as a systemic concern.

Critical questions remain open

Several pieces of information are still missing. No public forensic attribution from Drift, Arkham, CertiK, or law enforcement directly ties the exploit wallets to any specific threat actor. The loss estimates of roughly $136 million, $213 million, and $285 million remain unreconciled.

Until Drift releases its own postmortem, the true scale and origin of the exploit remain open questions. The incident adds to a growing list of major security events in early 2026, a pattern covered in recent crypto news roundups tracking policy and security developments across the industry. Protocol users should monitor official Drift channels for updates on fund recovery and any timeline for resuming operations.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.