Drift Protocol exploited for $286 million in suspected DPRK-linked attack
2026-04-02 • Elliptic
Elliptic identified multiple indicators suggesting the $286 million Drift Protocol exploit may be linked to DPRK activity, citing on-chain behavior, laundering methods, and network-level indicators consistent with previous DPRK-attributed operations. The attacker drained multiple Drift vaults on Solana, including JLP Delta Neutral, SOL Super Staking, and BTC Super Staking, after what PeckShield assessed as a likely compromise of administrator private keys. Stolen assets were swapped largely into USDC through a Solana DEX aggregator, bridged to Ethereum, and converted to ETH, which makes cross-chain tracing and entity clustering important for exposure screening. If the attribution is confirmed, the incident would extend a broader pattern of large-scale DPRK-linked crypto theft used to fund state priorities.