Drift Protocol Hack: How Privileged Access Led to a $285M Loss
2026-04-09 • Chainalysis
https://www.chainalysis.com/blog/lessons-from-the-drift-hack/
Chainalysis reports that Drift Protocol lost about $285 million on April 1, 2026, in a highly coordinated Solana DeFi attack with preliminary indicators consistent with DPRK-linked operations, though formal attribution was still pending. According to Drift's investigation, actors posing as a quantitative trading firm spent months building trust before using Solana durable nonces to obtain valid pre-signed transactions from Security Council members. The attackers then transferred admin control, whitelisted an attacker-controlled CVT token with an artificial price history, deposited 500 million CVT, and withdrew real assets including USDC, JLP, cbBTC, USDT, WETH, and other tokens. Funds were swapped, bridged to Ethereum, and consolidated while drainage continued, underscoring the risk of social engineering, blind signing, zero-timelock multisig governance, and insufficient pre-execution transaction intent checks.
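One pre-signing check against the durable-nonce pattern described above, as an added example (not code from Chainalysis or Drift): it parses a serialized Solana message and reports whether the first instruction is the System Program's AdvanceNonceAccount, in which case the signature does not expire with a recent blockhash. The function names and sample messages are constructed for illustration, and accounts that come from address lookup tables are flagged rather than resolved.

```python
import struct

SYSTEM_PROGRAM = bytes(32)  # the System Program id (base58 all "1") is 32 zero bytes
ADVANCE_NONCE = 4           # SystemInstruction::AdvanceNonceAccount discriminant (u32 LE)

def read_shortvec(buf, off):
    """Decode a compact-u16 length prefix; return (value, next_offset)."""
    val = shift = 0
    while True:
        b, off = buf[off], off + 1
        val |= (b & 0x7F) << shift
        if not b & 0x80:
            return val, off
        shift += 7

def parse_message(msg):
    """Return (static_keys, blockhash_field, instructions) of a serialized message."""
    off = (1 if msg[0] & 0x80 else 0) + 3  # optional version prefix, then 3-byte header
    n, off = read_shortvec(msg, off)
    keys, off = [msg[off + 32 * i: off + 32 * (i + 1)] for i in range(n)], off + 32 * n
    blockhash, off = msg[off:off + 32], off + 32
    n_ix, off = read_shortvec(msg, off)
    ixs = []
    for _ in range(n_ix):
        prog, off = msg[off], off + 1
        n_acc, off = read_shortvec(msg, off)
        accts, off = list(msg[off:off + n_acc]), off + n_acc
        n_data, off = read_shortvec(msg, off)
        ixs.append((prog, accts, msg[off:off + n_data]))
        off += n_data
    return keys, blockhash, ixs

def durable_nonce_info(msg):
    """Describe the nonce if the first instruction is AdvanceNonceAccount, else None."""
    keys, blockhash, ixs = parse_message(msg)
    if not ixs:
        return None
    prog, accts, data = ixs[0]
    if (prog >= len(keys) or keys[prog] != SYSTEM_PROGRAM or len(accts) < 3
            or len(data) < 4 or struct.unpack_from("<I", data)[0] != ADVANCE_NONCE):
        return None
    key = lambda i: keys[i].hex() if i < len(keys) else "via-lookup-table"
    return {"nonce_account": key(accts[0]), "nonce_authority": key(accts[2]),
            "nonce_value": blockhash.hex(), "other_instructions": len(ixs) - 1}

def _msg(blockhash, *ixs):  # builds constructed samples; key bytes are placeholders
    keys = [bytes([i]) * 32 for i in (1, 2, 3, 4)] + [SYSTEM_PROGRAM]
    body = b"".join(bytes([p, len(a), *a, len(d)]) + d for p, a, d in ixs)
    return bytes([1, 0, 3, len(keys)]) + b"".join(keys) + blockhash + bytes([len(ixs)]) + body

DURABLE = _msg(b"\xaa" * 32, (4, [1, 2, 0], struct.pack("<I", 4)), (3, [0], b"\x00"))
ORDINARY = _msg(b"\xbb" * 32, (4, [0, 1], struct.pack("<IQ", 2, 1000)), (3, [0], b"\x00"))
```

A signing workflow can use a non-`None` result to require explicit review of the remaining instructions, since a durable-nonce transaction stays valid until the nonce account is advanced.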