The $285M Drift Hack Tells Us Something Uncomfortable About Agent Wallet Security
Published by WalletPrint · June 2026
In April 2026, Drift — one of Solana's largest decentralized exchanges — lost nearly $285 million to an attack attributed to North Korean state-sponsored hackers. The postmortem covered the technical vectors. The governance failures. The response timeline.
What didn't get enough attention: the part that wasn't technical at all.
The Transaction Was Valid
This is the detail that keeps getting glossed over in coverage of large crypto exploits: by the time funds moved, the transactions themselves were legitimate. Authorized signers. Correct destinations. Valid amounts.
The attack didn't happen at the transaction layer. It happened in the weeks before — in conversations, in trust-building, in the slow manipulation of the people and systems that controlled the keys.
By the time anyone looked at the transaction, it was already settled.
Why This Matters for Agent Wallets
The Drift attack targeted human decision-makers. But the pattern it exploits — manipulating the principal that controls a wallet before the transaction occurs — applies just as cleanly to AI agents.
Right now, tens of thousands of developers are issuing crypto wallets to AI agents. Those wallets ship with what everyone calls "guardrails": spend caps, allow-lists, time windows. The logic is sound. Set a ceiling, restrict the destinations, limit the frequency. The agent can't do too much damage.
Here's the problem: those guardrails describe what an agent can't do. They say nothing about whether it's doing what it normally does.
A compromised agent — one that's been prompt-injected or fine-tuned against, or that simply has a subtle logic bug — can operate perfectly within its defined limits while behaving nothing like itself. Sending to a new address for the first time. Interacting with a contract type it's never touched. Moving 40x its typical transaction value, still under the spend cap.
The spend cap fires when the agent exceeds it. Nothing fires when the agent drifts.
The Gap Nobody Has Closed
The category of tools that analyze transactions before they're signed — Blowfish, Wallet Guard, Pocket Universe — do something genuinely valuable: they check whether a transaction is technically malicious. Bad contract, known drainer, unlimited approval. That problem is largely being solved.
But behavioral drift isn't a technically malicious transaction. It's a valid transaction from a wallet that's acting out of character. There's no bad contract to flag. No approval to revoke. The transaction clears every existing check.
This is the gap the Drift attack would have exploited if the target had been an AI agent instead of a human governance structure. And it's a gap that will only grow as agent-controlled wallets become a standard part of how value moves onchain.
What "Behavioral" Actually Means
The concept isn't complicated, even if the implementation requires some care.
Every wallet — human or agent — has a behavioral history. The typical size of transactions it sends. The addresses it regularly interacts with. The types of contracts it calls. The frequency at which it operates. Over time, this history creates a fingerprint. Not a rule. A pattern.
When a proposed transaction deviates sharply from that pattern — a new recipient, an unusual size, an unfamiliar contract category, a velocity spike — that deviation is a signal. It doesn't mean the transaction is wrong. It means the transaction is different, and different warrants a second look before the signature is committed.
This is how fraud detection works in every other financial system. Stripe flags an unusual card charge. Your bank texts you about a transaction in a new geography. Not because those transactions are necessarily fraudulent — but because they fall outside the pattern, and pattern deviation is exactly where fraud concentrates.
Crypto, and specifically the emerging world of agent-controlled wallets, has no equivalent layer. The transaction either clears the static rules or it doesn't. There's no "this is unusual for this wallet" signal anywhere in the stack.
What We're Building
WalletPrint is a behavioral risk scoring API for crypto transactions — built specifically for agent wallets, with a secondary application to human-controlled wallets facing social engineering risk.
The way it works: every transaction is scored against the sending wallet's own history. New recipient? Flagged and explained. Transaction value in the top 1% of this wallet's history? Flagged and explained. Agent interacting with a contract category it's never used before? Flagged and explained. The output is a risk score, a band (low/medium/high), and plain-English reason codes — not a black box, not a block, just a signal that gives your application the information to decide what happens next.
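An added example, not WalletPrint's SDK or scoring model: it scores a proposed transaction against the sending wallet's own history as described above, and shows a transfer that passes the static guardrails discussed earlier (spend cap, allow-list, time window) while still scoring high. Every name, weight, threshold and the sample history are assumptions constructed for the illustration.

```javascript
// Added illustration; every name, weight and threshold is hypothetical (not the WalletPrint API).
const HOUR = 3600;
// Constructed history: 20 hourly payments of 8-12 units to two recipients.
const walletHistory = Array.from({ length: 20 }, (_, i) => ({
  to: i % 2 ? "addrA" : "addrB", value: 8 + (i % 5),
  category: "transfer", ts: i * HOUR,
}));
// Static guardrails as described on the page: spend cap, allow-list, time window.
const policy = { spendCap: 1000, allowList: new Set(["addrA", "addrB", "addrC"]), hours: [0, 24] };

function passesGuardrails(tx, p) {
  const hour = Math.floor(tx.ts / HOUR) % 24;
  return tx.value <= p.spendCap && p.allowList.has(tx.to) && hour >= p.hours[0] && hour < p.hours[1];
}

const median = (xs) => {
  const s = [...xs].sort((a, b) => a - b);
  const m = s.length >> 1;
  return s.length % 2 ? s[m] : (s[m - 1] + s[m]) / 2;
};

// Scores a proposed transaction against the sending wallet's own history.
function scoreTransaction(tx, hist) {
  if (hist.length < 2) return { score: 0, band: "low", reasons: ["INSUFFICIENT_HISTORY"] };
  const reasons = [];
  let score = 0;
  const flag = (points, code) => { score += points; reasons.push(code); };
  if (!hist.some((h) => h.to === tx.to)) flag(30, "NEW_RECIPIENT");
  if (!hist.some((h) => h.category === tx.category)) flag(25, "NEW_CONTRACT_CATEGORY");
  // Top 1% by value: at least 99% of past transactions are strictly smaller.
  const smaller = hist.filter((h) => h.value < tx.value).length / hist.length;
  if (smaller >= 0.99) flag(30, "VALUE_TOP_1_PERCENT");
  // Velocity: gap since the last transaction is under a tenth of the median gap.
  const ts = hist.map((h) => h.ts).sort((a, b) => a - b);
  const gaps = ts.slice(1).map((t, i) => t - ts[i]);
  if (tx.ts - ts[ts.length - 1] < median(gaps) / 10) flag(15, "VELOCITY_SPIKE");
  const band = score >= 60 ? "high" : score >= 30 ? "medium" : "low";
  return { score, band, reasons };
}

// 40x the typical value, first use of an allow-listed address, still under the cap.
const drifted = { to: "addrC", value: 400, category: "transfer", ts: 20 * HOUR };
const routine = { to: "addrA", value: 10, category: "transfer", ts: 20 * HOUR };
console.log(passesGuardrails(drifted, policy), scoreTransaction(drifted, walletHistory));
console.log(passesGuardrails(routine, policy), scoreTransaction(routine, walletHistory));
```

With a short history almost any larger payment lands in the top 1%, so a scorer of this kind needs a minimum-history rule before its value signal means anything.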
The SDK is open source. The scoring engine is a hosted API. It integrates with ZeroDev, LangChain agent tooling, and Coinbase AgentKit in a few lines of code.
We're in early distribution — which means if you integrate it, you're not just adding a safety layer to your agent. You're contributing to the cross-wallet behavioral dataset that makes the model better for everyone. Every flagged transaction you label as a false positive or a confirmed anomaly makes the signal sharper, across every wallet we screen.
The Drift hack exploited a gap in human vigilance. The same gap exists in every agent wallet that only has a spend cap standing between normal operation and something going very wrong.
We're building the layer that watches for when a wallet stops acting like itself.
Try it: WalletPrint · npm install @walletprint/sdk · GitHub
WalletPrint is behavioral risk scoring for agent wallets. Open source SDK, free to integrate. If you're building at the exchange or wallet layer and want to talk about a pilot, get in touch.
