They Shared Coffee and Code—Then Stole $285 Million in a North Korea–Linked Crypto Hack
Drift said the attackers used fake identities, in-person meetings and at least 3 attack vectors to steal funds, with Mandiant tracing links to UNC4736.
- On April 1, Drift Protocol suffered a $285 million exploit, which it described as a structured intelligence operation requiring months of preparation by suspected North Korean state-linked actors.
- Starting in fall 2025, a group posing as a quantitative trading firm infiltrated Drift by meeting contributors at industry events over six months and depositing over $1 million to build trust.
- Attackers utilized at least three vectors, including a fake TestFlight application, a malicious code repository, and a VSCode and Cursor vulnerability that silently executed arbitrary code without warnings.
- Security assessments link the incident to the October 2024 Radiant Capital hack, which Mandiant attributed to UNC4736, a North Korean state-affiliated group tracked as AppleJeus or Citrine Sleet.
- Drift has frozen all remaining functions and removed compromised wallets from its multisig, while urging other teams to treat every device touching a multisig as a potential security target.
11 Articles
They Shared Coffee and Code—Then Stole $285 Million in a North Korea–Linked Crypto Hack
What started as coffee and shop talk at crypto conferences was actually a 6-month North Korean sting. Inside the $285 million Drift hack that proves even face-to-face meetings can't be trusted in the new age of cyber warfare.
Drift Protocol Reveals $285 Million Exploit Was a Six-Month North Korean Intelligence Operation
Drift Protocol published a post-mortem revealing its $285 million exploit was a structured intelligence operation by suspected North Korean state-linked actors using fake identities and in-person meetings.
North Korea's $285M Crypto Heist, China Breaches FBI System, Delve Faces New Allegations
Host David Shiple covers major cybersecurity news: investigators attribute a record $285 million April 1 hack of crypto platform Drift Protocol to North Korea, describing a three-week setup involving a fake “Carbon Vote Token,” wash trading to inflate value, social engineering to pre-approve backdoored transactions, Drift’s removal of a timelock, and rapid collateralized withdrawals that crashed Drift’s token and are now tracked by TRM Labs; the…
Drift Protocol Hit in $286M Suspected North Korea-Linked Crypto Heist
Hackers have stolen approximately $286 million from Drift Protocol, a leading decentralized perpetual futures exchange on the Solana blockchain, in what security researchers believe may be a North Korea-linked cyberattack. The incident occurred on April 1, 2026, and is already being described as the largest decentralized finance (DeFi) hack of the year. Drift Protocol quickly confirmed it was under an “active attack” and suspended deposits and w…
Coverage Details
Bias Distribution
- 100% of the sources are Center






