Finding the group or individuals that stole $285 million worth of crypto from Drift earlier this week may be a tough task in the real world, but the team behind the Solana-based decentralized exchange knew exactly where to find its attackers on-chain.

On Friday, Drift said in a post on X that it had sent messages on Ethereum’s network to four wallets holding massive amounts of stolen crypto, which several security experts have begun linking to the Democratic People’s Republic of Korea: “We are ready to speak.”

The so-called Hermit Kingdom isn’t exactly known for negotiating with projects that its elite hackers siphon funds from, considering that bad actors linked to North Korea have absconded with $6.5 billion worth of crypto in recent years, according to blockchain security firm Elliptic. 

Still, the messages indicated that the true identity of whomever facilitated one of the biggest exploits in decentralized finance so far this year may not be truly known yet. That’s because the messages focused on the discovery details associated with attackers’ identities.

“Critical information of parties related to the exploit have been identified,” the on-chain messages sent by Drift’s team read. “To the community, Drift will share further updates as soon as third-party attributions are completed.”

When millions of dollars in crypto get swiped from a DeFi project, on-chain negotiations are a common course of action. Sometimes they work. Several years ago, someone who stole $600 million from Poly Network “for fun” returned the funds after a lengthy dialogue, for example. Oftentimes, attackers ignore any outreach and associated legal threats.

The probability of seeing Drift’s funds returned if North Korean hackers are involved is zero, according to Michael Egorov, founder of decentralized exchange Curve Finance.



“They never cooperate and they are not afraid of law enforcement,” he told Decrypt.

However, if the funds weren’t swiped by a state-sponsored group, then there is a chance that they'll be returned, he said. If the attackers’ identities are revealed, then he said that the “probability of them returning funds jumps to almost 100%.”

Ergorov noted that “maximal extractable value” traders can be an exception to the rule. With a strategy that focuses on essentially front-running users’ transitions to make profitable trades, they can occasionally step in front of hackers trying to abscond with funds.

“When they do, they return funds more often than not,” he said, adding that they sometimes hold onto some as a bounty, or leave it up for projects to determine.

Drift signaled earlier this week that the exploit, which has affected projects throughout Solana’s ecosystem that had built dependencies on the decentralized exchange, stemmed from “sophisticated social engineering.” The attackers were able to gain administrative control over the platform’s security by accessing two private keys.

Elliptic pointed to the attackers’ on-chain behavior and laundering methodologies as factors that led them to believe that hackers linked to North Korea were involved. Still, other security experts suggested that the attackers may have had some degree of insider knowledge.

It’s unclear who Drift believes the hackers could be, as well as whether the decentralized exchange is willing to offer them a bounty. Nonetheless, its attempt to retrieve funds on behalf of itself and the DEX’s users are public for all to see.

Decrypt has reached out to Drift for comment.

Someone controlling a wallet that holds $200 worth of Ethereum couldn’t resist the opportunity to chime in on Friday. In an on-chain message to Drift’s wallet, the individual wagered that the attackers could “send me $10 million to mess with the Drift team.”

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。