What caused the $285 million Drift hack?

Six-month DPRK social engineering: fake traders built trust at conferences, onboarded a vault, then compromised devs via repo or TestFlight beta.

Is North Korea behind the Drift Solana hack?

Medium-high confidence yes—on-chain to Radiant hackers, personas match UNC4736/Golden Chollima.

How can DeFi avoid DPRK hacks like Drift?

Beef up human opsec: vet partners ruthlessly, train on social phishing, limit repo/TestFlight access.

🌐 Nation-State Threats

North Korea's Six-Month Con Job Steals $285M from Solana DEX Drift

North Korean hackers didn't smash windows at Drift—they wined, dined, and Telegram-chatted devs for six months before pocketing $285 million. This wasn't brute force; it was a masterclass in patience and deception.

Threat Digest Apr 07, 2026 4 min read

Timeline graphic of DPRK's six-month infiltration leading to Drift's $285M crypto theft

⚡ Key Takeaways

DPRK's UNC4736 ran a six-month social engineering op using conference meetups and Telegram to infiltrate Drift. 𝕏
On-chain evidence links the $285M theft to prior hacks like Radiant Capital, funding North Korea's military. 𝕏
DeFi's tech focus ignores human weak spots—expect more patient cons unless opsec evolves fast. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#DPRK cyber #DPRK hackers #Drift hack #Solana DeFi #crypto theft #social engineering

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by The Hacker News

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

Drift's $285M Nightmare: DPRK's Nonce Social Engineering Masterclass

North Korean Hackers Turn GitHub into a Shadowy C2 Nerve Center for South Korean Targets

North Koreans Schmoozed Their Way to $280M Drift Heist

North Korean Hackers' Slick Slack Trick: Inside the Axios npm Compromise

Stay in the loop