The information provided on EL7.AI is for educational and informational purposes only and does not constitute financial advice.

CryptoUpdated×8•Originally published 6 May 2026•Updated 7 May 2026•

1 min read

Drift Protocol Unveils $295M Recovery Plan Following North Korean Cyberattack

Key Facts

1Drift Protocol, a Solana-based platform, unveiled a recovery strategy following a $295 million security breach.

2Cybersecurity investigators at Mandiant traced the intrusion to the North Korean state-sponsored group DPRK.

Drift Protocol has detailed its recovery plan for users affected by a $295 million exploit linked to the North Korean DPRK group. In a significant update, all remaining collateral positions have been fully liquidated across both the Ethereum mainnet and the Arbitrum layer-2 network. Furthermore, Aave has completed the final liquidations related to the Kelp DAO breach, successfully recovering $20 million in assets. Meanwhile, the affected 1inch market maker has been identified as TrustedVolumes, with the total stolen amount revised upward to $6.7 million. New reports confirm that the stolen assets from TrustedVolumes were moved across three specific Ethereum wallets, providing a clearer trail for investigators. These incidents follow a recent $1.4 million loss at Ekubo Protocol, keeping investors on high alert regarding security gaps in decentralized finance.

27 days ago

Version History

3 additional sources confirmed this story

Version 827 days ago

What changed: Added information regarding Aave's recovery of $20 million following the completion of Kelp DAO breach liquidations.

Version 728 days ago

What changed: Confirmation that the $6.7 million in stolen assets from TrustedVolumes were moved across three specific Ethereum wallets.

Version 628 days ago

What changed: The identity of the exploited 1inch market maker has been revealed as TrustedVolumes, and the confirmed stolen amount has been revised upward to $6.7 million.

Version 528 days ago

What changed: Confirmation that the liquidation process is now complete across Ethereum and Arbitrum networks as part of the DeFi United community initiative.

Version 428 days ago

What changed: The story was updated to include a new $5.87 million exploit targeting a 1inch liquidity provider, with warnings that the attack may still be active.

Version 328 days ago

What changed: Added information regarding Aave liquidating attacker rsETH positions to secure collateral as part of the recovery process.

Version 228 days ago

What changed: Added information regarding a separate security breach involving Ekubo Protocol resulting in a $1.4 million loss.

Version 129 days ago

What changed: Specified the timing of the announcement (Tuesday) and clarified that the exploit targeted the protocol's lending decentralized exchange (DEX) functionality.