Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
05.04.2026

Drift lost $285M on April 1, 2026 after nonce-based social engineering enabled admin takeover, exposing DPRK-linked crypto theft patterns.
🚨 $285M GONE: How a 'Durable Nonce' Social Engineering Attack Wiped Out Drift
Drift just got absolutely rinsed for $285 million on April 1, 2026 — and no, this isn't a sick April Fools' joke. The attack? A next-level social engineering play that exploited a 'durable nonce' vulnerability to hijack admin privileges. The culprit? Tied straight to DPRK (North Korea), exposing their evolving crypto theft playbook.

Here's the breakdown: Attackers used social engineering to trick a team member into executing a malicious transaction. This wasn't your average phishing link — they manipulated the 'nonce' (a unique number used once in crypto transactions) to make it 'durable,' allowing them to bypass security and gain admin control. Once inside, they drained the funds faster than you can say 'rug pull.'
The DPRK link is key. This attack follows a pattern of state-backed crypto heists, where North Korean hackers target DeFi platforms to fund their regime. It's a reminder that in Web3, the threats aren't just technical — they're geopolitical. The attackers are sophisticated, patient, and have nation-state resources behind them.
- 💰 Loss: $285 million
- 📅 Date: April 1, 2026
- ⚡ Attack Vector: Durable nonce social engineering
- 🎯 Target: Drift (DeFi platform)
- 🔗 Attribution: Linked to DPRK (North Korea)
- 🛡️ Impact: Admin takeover leading to fund drainage
This isn't just a hack — it's a masterclass in hybrid threats. Social engineering meets crypto exploit, all backed by a hostile state. For the crypto pros and Gen Z degens out there: secure your nonces, audit your smart contracts, and remember that human error is still the weakest link. Stay vigilant, because the DPRK isn't slowing down.

