Drift Protocol, a Solana-based perpetual futures exchange, lost $286 million in just 12 minutes on April 1, 2026. The attack was orchestrated by suspected North Korean hackers who spent three weeks quietly manufacturing fake collateral and socially engineering the protocol's signers. The exploit used 'durable nonces,' a legitimate Solana transaction feature, to pre-sign administrative transfers weeks before executing them, bypassing the protocol's multisig security. The contagion spread to more than 20 protocols, with Prime Numbers Fi reporting losses in the millions, Carrot Protocol pausing mint and redeem functions after 50% of its TVL was affected, and Pyra Protocol disabling withdrawals entirely. Security firms Elliptic and TRM Labs have attributed the attack to DPRK-linked threat actors, citing similarities to previous North Korean hacking patterns including the 2022 Ronin bridge hack.
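A signer-side check for the durable-nonce pattern described above, written as an added example (not code from the article, Drift, or the firms named): it parses a serialized Solana transaction message and flags it when the first instruction is the System Program's AdvanceNonceAccount, which marks a transaction that stays valid until its nonce is advanced instead of expiring with a recent blockhash. The account keys and both sample messages are constructed placeholders.

```python
import struct

SYSTEM_PROGRAM_ID = bytes(32)  # base58 "111...1" (32 ones) decodes to 32 zero bytes
ADVANCE_NONCE_ACCOUNT = 4      # SystemInstruction variant index, encoded as u32 LE

def read_compact_u16(buf, pos):
    """Decode Solana's compact-u16 length prefix (7 bits per byte, low bits first)."""
    value, shift = 0, 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def uses_durable_nonce(message: bytes) -> bool:
    """True if the message's first instruction is System AdvanceNonceAccount."""
    if message[0] & 0x80:          # versioned message: skip the version prefix byte
        message = message[1:]
    n_keys, pos = read_compact_u16(message, 3)  # 3-byte header comes first
    keys = [message[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys + 32        # skip keys and the blockhash / nonce-value field
    n_ix, pos = read_compact_u16(message, pos)
    if n_ix == 0:
        return False
    program_index = message[pos]
    n_accounts, pos = read_compact_u16(message, pos + 1)
    data_len, pos = read_compact_u16(message, pos + n_accounts)
    data = message[pos:pos + data_len]
    return (program_index < n_keys and keys[program_index] == SYSTEM_PROGRAM_ID
            and data_len >= 4
            and struct.unpack_from("<I", data)[0] == ADVANCE_NONCE_ACCOUNT)

def build_message(header, keys, blockhash, ix):
    """Serialize a one-instruction legacy message (all lengths < 128) for the demo."""
    program_index, accounts, data = ix
    return (bytes(header) + bytes([len(keys)]) + b"".join(keys) + blockhash
            + bytes([1, program_index, len(accounts)]) + bytes(accounts)
            + bytes([len(data)]) + data)

# Constructed placeholder keys, not real addresses.
PAYER, NONCE_ACCT, SYSVAR, DEST = (bytes([n]) * 32 for n in (1, 2, 3, 4))
NONCE_MSG = build_message((1, 0, 2), [PAYER, NONCE_ACCT, SYSVAR, SYSTEM_PROGRAM_ID],
                          bytes([9]) * 32, (3, [1, 2, 0], struct.pack("<I", 4)))
TRANSFER_MSG = build_message((1, 0, 1), [PAYER, DEST, SYSTEM_PROGRAM_ID],
                             bytes([9]) * 32, (2, [0, 1], struct.pack("<IQ", 2, 1000)))
```

A multisig signer or signing service could run a check like this before approving and require extra review for any administrative transaction that returns True.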