Federal investigators have revealed the full scope of what is now being called the largest cryptocurrency heist attributed to a nation-state actor. North Korean hacking group Lazarus successfully exploited a vulnerability in the Drift decentralized exchange protocol to steal $285 million in various cryptocurrencies over a 72-hour period, laundering the funds through an elaborate network of mixers, bridges, and shell wallets spanning 14 different blockchain networks.
How the Attack Unfolded
The attack began with a sophisticated supply chain compromise targeting a third-party oracle service used by Drift to determine real-time asset prices. By manipulating price feeds for a brief window, the attackers were able to execute a series of flash loan attacks that exploited arbitrage opportunities created by the false pricing data. The manipulation was subtle enough to avoid triggering Drift’s automated circuit breakers, with individual transactions kept below the platform’s anomaly detection thresholds. Over 72 hours, more than 12,000 individual transactions siphoned funds from liquidity pools across the platform.
The Laundering Operation
Within minutes of extraction, stolen funds were routed through Tornado Cash, Railgun, and several lesser-known privacy protocols before being bridged across Ethereum, Solana, Avalanche, and Polygon networks. FBI blockchain analysts identified at least 847 unique wallet addresses involved in the laundering chain, many created just hours before the attack. Approximately $45 million was converted to Monero, making it effectively untraceable, while another $120 million was funneled through decentralized exchanges in rapid small-value swaps designed to obscure the transaction trail.
Attribution and Response
The FBI and NSA jointly attributed the attack to Lazarus Group based on code signatures, infrastructure overlap with previous North Korean operations, and intelligence from partner agencies. The UN Panel of Experts estimates that North Korea has stolen over $3.8 billion in cryptocurrency since 2017, with proceeds funding the country’s nuclear weapons and ballistic missile programs. In response, the Treasury Department has sanctioned 23 additional wallet addresses and announced new compliance requirements for cross-chain bridge operators.
Industry Impact
The hack has accelerated calls for mandatory security audits of DeFi protocols and oracle services. Several major DeFi platforms have already implemented additional safeguards including multi-oracle verification systems, time-delayed price feeds, and enhanced anomaly detection algorithms. Insurance protocols covering DeFi exploits have seen premium rates increase by 340% since the incident, while regulatory agencies in the US, EU, and Singapore have fast-tracked proposals requiring decentralized exchanges to maintain reserve funds capable of covering potential exploit losses.
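The oracle manipulation described above and the multi-oracle and time-delayed safeguards mentioned here can be illustrated with a small price guard. This is an added example written for this article, not code from Drift or any named platform; the feed names, thresholds and price ticks are constructed.

```python
from collections import deque
from statistics import median


class OracleGuard:
    """Accept a price only when independent feeds agree with each other and the
    agreed value stays close to a time-weighted reference of recently accepted
    prices. Thresholds are illustrative, not taken from any real protocol."""

    def __init__(self, max_feed_spread=0.01, max_twap_deviation=0.05, window=6):
        self.max_feed_spread = max_feed_spread        # max (high-low)/median across feeds
        self.max_twap_deviation = max_twap_deviation  # max |median-TWAP|/TWAP
        self.history = deque(maxlen=window)           # recently accepted medians

    def evaluate(self, feeds):
        """feeds: {source_name: price}. Returns (accepted_price or None, reason)."""
        if len(feeds) < 3:
            return None, "insufficient feeds"
        prices = sorted(feeds.values())
        med = median(prices)
        # Check 1: a single compromised feed shows up as disagreement. Rather than
        # silently trusting the median, halt and let operators inspect the source.
        spread = (prices[-1] - prices[0]) / med
        if spread > self.max_feed_spread:
            return None, f"feed disagreement {spread:.3f}"
        # Check 2: if every feed moves together (e.g. a shared upstream provider
        # is compromised), a sudden jump from the time-weighted reference is the signal.
        if self.history:
            twap = sum(self.history) / len(self.history)
            dev = abs(med - twap) / twap
            if dev > self.max_twap_deviation:
                return None, f"deviation from TWAP {dev:.3f}"
        self.history.append(med)
        return med, "ok"


def run_scenario():
    """Constructed ticks: three normal updates, one feed spoofed, then all feeds spoofed."""
    guard = OracleGuard()
    ticks = [
        {"feedA": 100.0, "feedB": 100.2, "feedC": 99.9},   # normal
        {"feedA": 100.5, "feedB": 100.4, "feedC": 100.6},  # normal drift
        {"feedA": 100.3, "feedB": 100.4, "feedC": 100.2},  # normal
        {"feedA": 130.0, "feedB": 100.4, "feedC": 100.3},  # one feed manipulated
        {"feedA": 130.0, "feedB": 130.2, "feedC": 129.9},  # shared upstream manipulated
    ]
    return [guard.evaluate(t) for t in ticks]


if __name__ == "__main__":
    for price, reason in run_scenario():
        print(price, reason)
```

The first guard catches a lone bad feed; the second catches the case this article describes, where a single upstream oracle service feeds every consumer the same manipulated value.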