todayonchain.com

Drift links $280 million exploit to six-month social engineering op run by suspected North Korean actors

The Block
Drift Protocol linked a $280 million exploit to a six-month social engineering operation suspected to have been conducted by North Korean actors.

Summary

Drift Protocol has detailed a sophisticated, six-month social engineering operation that culminated in the April 1 exploit, resulting in a $280 million loss. The attackers, posing as a quant trading firm, engaged with Drift contributors at crypto conferences and through ongoing communication, eventually gaining access through compromised code repositories and a malicious app. Forensic analysis suggests the operation was likely carried out by the same North Korean state-sponsored actors responsible for the $50 million Radiant Capital hack in 2024, with onchain and operational overlaps identified. While the individuals directly interacting with Drift were not North Korean nationals, they were likely intermediaries deployed by the threat actors. Drift has frozen protocol functions, flagged attacker addresses, and is working with Mandiant and security researchers to investigate the incident, which is the largest DeFi hack of 2026 to date.

(Source: The Block)