$285 Million Evaporates Into The Sky Pasture: North Korea Finds A New Hole In The Fence

I want you to sit with that number for a moment. Two hundred and eighty-five million dollars. Gone. On April 1st, 2026. And no, it was not a joke.

Drift Protocol, a Solana-based decentralized exchange operating entirely in the Sky Pasture, confirmed that a Wolf, almost certainly operating on behalf of Pyongyang, walked straight through a previously unknown hole in the fence and seized administrative control of their entire Security Council. The attack vector was something called a "durable nonce." An ordinary Solana transaction expires once the recent blockhash it references ages out; a durable nonce swaps that blockhash for a value stored in an on-chain nonce account, so a signed transaction stays valid until the nonce is advanced. Abused, that lets a transaction be pre-signed and held like a loaded weapon until the moment is right.

In my day, we called that a time bomb. We stored our keys on magnetic tape in a locked room. Nobody social-engineered the magnetic tape.

The Wolves did not kick down a door. They were invited through it. Social engineering, the oldest trick in the book, dressed up in blockchain clothing. The Flock clicked something they should not have clicked. The Shepherds were presumably in a meeting about synergy. The Electric Fence had a gap nobody bothered to inspect.

This is the part that keeps me awake at night, and I already sleep very poorly. The attackers did not exploit exotic infrastructure. They exploited people. Oblivious, trusting, clicking-without-reading people. This has been the primary attack surface since the dial-up era. It will be the primary attack surface long after I am gone. Nothing has changed except the denominator on the losses.

The Sky Pasture was supposed to solve this, apparently. Decentralization. Trustless systems. And yet here we are, trusting people, and losing a quarter of a billion dollars before lunch.


Remediation

I will keep this brief because the fundamentals have not changed since 1994.

Audit your administrative key management. A durable nonce only matters because a pre-signed transaction is sitting somewhere, waiting to be submitted. Find out where yours are sitting. If the answer is "on someone's laptop," you have already lost.
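One concrete way to act on this audit point, and on the durable-nonce mechanism described above: every durable-nonce transaction on Solana must begin with a System Program AdvanceNonceAccount instruction, so an admin signer can recognise a non-expiring transaction before signing it and refuse by default. The parser and policy check below are an added example, not Drift's or Solana's own code; it handles the legacy (non-versioned) message format only, and every public key in the sample messages, including the stand-in for the RecentBlockhashes sysvar, is a constructed placeholder.

```python
"""Flag Solana durable-nonce transactions before an admin key signs them (added example)."""
from dataclasses import dataclass
import struct

SYSTEM_PROGRAM_ID = bytes(32)   # "11111111111111111111111111111111" decodes to 32 zero bytes
ADVANCE_NONCE_ACCOUNT = 4       # System Program instruction index, encoded as u32 little-endian


def read_compact_u16(buf: bytes, pos: int) -> tuple[int, int]:
    """Decode Solana's compact-u16 varint (7 bits per byte, least-significant first)."""
    value, shift = 0, 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if byte & 0x80 == 0:
            return value, pos
        shift += 7
        if shift > 14:
            raise ValueError("compact-u16 too long")


@dataclass
class Instruction:
    program_id: bytes
    accounts: list[int]   # indices into the message's account-key table
    data: bytes


@dataclass
class Message:
    num_signers: int
    account_keys: list[bytes]
    recent_blockhash: bytes   # for a durable-nonce tx this is the stored nonce value, not a blockhash
    instructions: list[Instruction]


def parse_legacy_message(buf: bytes) -> Message:
    """Parse a serialized legacy message: header, account keys, blockhash, instructions."""
    if buf[0] & 0x80:
        raise ValueError("versioned message (v0) not handled by this example")
    num_signers = buf[0]          # buf[1], buf[2] are the read-only counts; not needed here
    pos = 3
    n_keys, pos = read_compact_u16(buf, pos)
    keys = [buf[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys
    blockhash, pos = buf[pos:pos + 32], pos + 32
    n_ix, pos = read_compact_u16(buf, pos)
    instructions = []
    for _ in range(n_ix):
        prog_idx = buf[pos]
        pos += 1
        n_acc, pos = read_compact_u16(buf, pos)
        accounts = list(buf[pos:pos + n_acc])
        pos += n_acc
        n_data, pos = read_compact_u16(buf, pos)
        data = buf[pos:pos + n_data]
        pos += n_data
        instructions.append(Instruction(keys[prog_idx], accounts, data))
    if pos != len(buf):
        raise ValueError("trailing bytes after message")
    return Message(num_signers, keys, blockhash, instructions)


def is_durable_nonce(msg: Message) -> bool:
    """Durable-nonce transactions must start with System Program AdvanceNonceAccount."""
    if not msg.instructions:
        return False
    first = msg.instructions[0]
    return (first.program_id == SYSTEM_PROGRAM_ID
            and len(first.data) >= 4
            and struct.unpack_from("<I", first.data)[0] == ADVANCE_NONCE_ACCOUNT)


def signing_policy(buf: bytes, allow_durable: bool = False) -> str:
    """Decision an admin signer makes before signing: refuse non-expiring transactions by default."""
    msg = parse_legacy_message(buf)
    if is_durable_nonce(msg):
        nonce_account = msg.account_keys[msg.instructions[0].accounts[0]]
        if not allow_durable:
            return f"REFUSE: durable nonce via account {nonce_account.hex()[:8]}... (tx never expires)"
        return "SIGN: durable nonce explicitly allowed"
    return "SIGN: ordinary transaction (expires with its blockhash)"


# --- constructed sample messages (all keys are placeholders, not real accounts) ---
ADMIN, NONCE_ACCT, DEST = bytes([1]) * 32, bytes([2]) * 32, bytes([4]) * 32
SYSVAR_PLACEHOLDER = bytes([3]) * 32          # stands in for the RecentBlockhashes sysvar key
TRANSFER = struct.pack("<IQ", 2, 1_000_000)   # System Program Transfer of 1,000,000 lamports


def build_message(header, keys, blockhash, instructions) -> bytes:
    """Serialize a legacy message; compact-u16 fits one byte for these small counts."""
    out = bytes(header) + bytes([len(keys)]) + b"".join(keys) + blockhash + bytes([len(instructions)])
    for prog_idx, accounts, data in instructions:
        out += bytes([prog_idx, len(accounts)]) + bytes(accounts) + bytes([len(data)]) + data
    return out


ORDINARY_MSG = build_message((1, 0, 1), [ADMIN, DEST, SYSTEM_PROGRAM_ID], bytes([9]) * 32,
                             [(2, [0, 1], TRANSFER)])
DURABLE_MSG = build_message((1, 0, 2), [ADMIN, NONCE_ACCT, DEST, SYSVAR_PLACEHOLDER, SYSTEM_PROGRAM_ID],
                            bytes([7]) * 32,   # nonce value occupies the blockhash slot
                            [(4, [1, 3, 0], struct.pack("<I", ADVANCE_NONCE_ACCOUNT)),
                             (4, [0, 2], TRANSFER)])

if __name__ == "__main__":
    for label, msg in (("ordinary", ORDINARY_MSG), ("durable", DURABLE_MSG)):
        print(label, "->", signing_policy(msg))
```

The check is deliberately narrow: it does not decide whether a durable-nonce transaction is malicious, only that it is one, because that is the property a signer cannot see in a wallet prompt and the property that turns a pre-signed transaction into the time bomb described above. A real deployment would also handle versioned (v0) messages and log every refusal.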

Treat social engineering as a technical vulnerability. Run drills. Hostile drills. Not the cheerful compliance training with the cartoon phishing email. Real pressure tests.

Multi-party authorization for administrative actions is not optional. One compromised Lamb should not be able to hand over the keys to the entire pasture. If your Security Council can be "rapidly taken over," it was not much of a council.

Assume the Wolves are patient. DPRK threat actors have been known to groom targets for months. Your new contractor with the suspiciously perfect resume deserves scrutiny.

Apply your ointment. Regularly. Without complaining about the downtime.

Stay paranoid out there. The optimists are the ones who get sheared.


Original Report: https://thehackernews.com/2026/04/drift-loses-285-million-in-durable.html