What caused the Drift Protocol $280M hack?

A six-month op by North Korean-linked hackers who posed as quants, met Drift contributors at conferences, and compromised them via malicious code repos and fake wallet apps.

Is Drift Protocol safe now after the hack?

Functions are frozen, compromised wallets removed, attacker addresses flagged — but stolen funds are out there, and full recovery's uncertain.

Who was behind the Drift crypto theft ?

UNC4736 (Lazarus subgroup), with non-Korean intermediaries doing in-person outreach; confirmed by Elliptic, TRM, Mandiant.

🌐 Nation-State Threats

North Koreans Schmoozed Their Way to $280M Drift Heist

Hackers didn't just code their way into Drift's $280M vault. They bought drinks at crypto conferences first. A six-month con that screams future of cyber-espionage.

Threat Digest Apr 07, 2026 4 min read

North Korean operatives shaking hands with Drift developers at a crowded crypto conference

⚡ Key Takeaways

North Korean hackers ran a 6-month in-person op at crypto conferences to infiltrate Drift. 𝕏
Attack used social engineering: fake quants, malicious repos, dodgy TestFlight apps. 𝕏
Signals hybrid human-digital threats as crypto's new reality; platforms need better vetting. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#Drift Protocol hack #Lazarus Group #North Korean hackers #Solana security breach #crypto conference infiltration #crypto theft

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Bleeping Computer

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

North Korea's Hackers Vaporize $285M from Drift in Seconds

North Korean Hackers Hijack Drift's Governance, Wipe Out $280 Million in User Funds

North Korea's Six-Month Con Job Steals $285M from Solana DEX Drift

SparkCat's Sneaky Return: App Store Apps Now Hunt Your Crypto Seed Phrases

Stay in the loop