Drift Protocol $285M DPRK Social Engineering Exploit
Details
On April 1, 2026, UNC4736 (North Korean state-sponsored TraderTraitor group) executed a 12-minute, 31-transaction drain of $285 million from Drift Protocol, the largest Solana DeFi exploit in 2026 and second-largest in Solana history. A six-month social engineering campaign beginning fall 2025 built relationships with Drift Security Council members. Attackers leveraged Solana’s ‘durable nonces’ feature to get council members to unknowingly pre-sign malicious transactions. Once admin control was obtained, attackers whitelisted a worthless fake token (CVT) as collateral, deposited 500M CVT, and withdrew $285M in USDC, SOL, and ETH. Drift’s TVL collapsed from ~$550M to under $250M within one hour. Attribution: TRM Labs and Elliptic linked the hack to DPRK with medium confidence.
Technical Details
- Initial Attack Vector: Six-month DPRK social engineering operation (UNC4736/TraderTraitor) targeted Drift Security Council members; attackers built relationships with team members and used Solana's 'durable nonces' feature to trick council members into pre-signing malicious transactions that transferred admin control
- Vendor/Product: Drift Protocol (Solana DeFi perpetual futures DEX)