On Friday, the Solana-based decentralized exchange Drift reached out to the hacker behind a $285 million exploit via an on-chain message, hoping to recover the stolen assets. The Drift team announced on X that they had sent a message to four Ethereum wallets holding the bulk of the stolen cryptocurrency: "We are ready to talk."
The attack occurred earlier this week when the perpetrator utilized sophisticated social engineering tactics to compromise two private keys, gaining administrative access to the platform. According to analysis by blockchain security firm Elliptic, the attacker’s on-chain behavior and money-laundering patterns strongly suggest the involvement of a North Korean-linked hacking group.
The Battle to Recover Assets
Industry experts remain skeptical about the chances of recovery. Michael Egorov, founder of Curve Finance, noted that if the funds were indeed stolen by a state-sponsored group, the probability of recovery is near zero. "They never cooperate, and they don't fear law enforcement," Egorov said in an interview.
However, Egorov suggested that if the attacker is not a state actor, the chances of recovering the funds increase significantly. "If the attacker's true identity is exposed, the likelihood of them returning the funds jumps to nearly 100%." He noted that MEV (Maximal Extractable Value) traders sometimes intercept hackers through front-running, returning the funds in exchange for a commission or a 'bounty.'
In their on-chain message, the Drift team hinted that they have already gathered critical information regarding the attack. The team stated that they will disclose further progress to the community once third-party attribution analysis is complete. Drift is currently maintaining contact with the addresses holding the stolen funds.
Since the attack, on-chain negotiation has become a standard procedure for handling security incidents in the DeFi space. While there have been precedents where hackers returned hundreds of millions of dollars 'for the fun of it,' most attackers ignore such outreach and legal threats.
The incident has not only impacted Drift but has also affected several projects within the Solana ecosystem that rely on the platform. Drift has not yet clarified whether it is willing to offer a bounty in exchange for the return of the assets. Meanwhile, an anonymous user holding a small amount of Ethereum sent a message to Drift on-chain, offering to 'disrupt' the team's negotiation process for $10 million, highlighting the complex on-chain dynamics surrounding the incident.