Drift details how suspected North Korean attackers stole $270M posing as a quant trading firm in a 6+ month operation with in-person meetings and a $1M+ deposit
Attackers posed as a trading firm, met Drift contributors in person across multiple countries, deposited $1 million of their own capital …
CoinDesk · Shaurya Malwa
Related Coverage
- Drift Protocol Reveals North Korean State Hackers Behind $285M Exploit The Crypto Times · Dhara Chavda
- How North Korean Operatives Orchestrated a $270M Crypto Heist After Months of Patient Infiltration Blockonomi · Trader Edge
- The Neutrality Paradox: How USDC's Greatest Strength Became Its $285M Dilemma Blockhead
- Crypto attorney says Drift incident may qualify as ‘civil negligence’ Cointelegraph · Vince Quill
- Drift Hack Update: Protocol Shares Latest Security Update On April 1 Exploit CoinGape
- Drift links $280 million exploit to six-month social engineering op run by suspected North Korean actors The Block · Zack Abrams
- Drift links $280M hack to radiant attackers crypto.news · Olivia Stephanie
- Drift Protocol Hack: How a North Korean Group Spent Six Months Infiltrating a DeFi Protocol Blockonomi · Brenda Mary
- ‘We Are Ready to Speak’: Drift Beckons North Korea-Linked Hackers Following $285M Exploit Decrypt · André Beganski
- Drift Protocol says $280M exploit took ‘months of deliberate preparation’ Cointelegraph · Ciaran Lyons
- Solana Drift Protocol drained of $285M via fake token and governance hijack Hacker News
- North Korean Hackers Spent Six Months Infiltrating Drift Before $285M Exploit Decrypt · Vismaya V
- North Korea Spent 6 Months Infiltrating Drift Protocol Only to Drain $285M in 12 Mins The Cyber Express · Mihir Bagwe
- North Korea-Linked Hackers Drain $286M from Drift Protocol Cryip · Saravana Kumar Mahendran
- Drift Says $270M Crypto Hack Was a Six-Month North Korean Intelligence Operation Coinspeaker · Neil Mathew
- North Korean Hackers Pose as Trading Firm to Steal $285M from Drift Hackread · Deeba Ahmed
- Morning Minute: North Korea Hacks Drift for $285M Decrypt · Tyler Warner
- Drift Protocol Reveals $285 Million Exploit Was a Six-Month North Korean Intelligence Operation Unchained
- Drift $280M crypto theft linked to 6-month in-person operation BleepingComputer · Bill Toulas
- Crypto Hack News: Drift Protocol Lost $280M After 6-Month Setup The Coin Republic · Rupam Roy
- ‘Six Months in the Making’: Drift Protocol Says $285,000,000+ Hack Involved North Korean-Backed Impostors at Multiple Crypto Conferences The Daily Hodl · Conor Devitt
- They Shared Coffee and Code—Then Stole $285 Million in a North Korea-Linked Crypto Hack Inc.com · Amaya Nichole
- Things are getting weird on OpenAI's leadership team Fortune · Andrew Nusca
Discussion
- @driftprotocol on X: The preliminary investigation shows that Drift experienced a structured intelligence operation [...] Drift contributors were approached by a group of individuals at a major crypto conference who presented as a quantitative trading firm looking to integrate on the protocol. [...]…
- @givnerariel (Ariel Givner) on X: The more I sit on this, the more I can't help but think we're dealing with a civil negligence issue. Sorry for how long this rant will be in advance, but I'm just so angry. Drift Protocol was handling hundreds of millions in user money. They knew crypto is full of hackers -
- @coindesk on X: ANALYSIS 🧵: The $270M Drift Protocol hack was a six-month North Korean intelligence operation. Attackers posed as a quant trading firm, met contributors in person at conferences across multiple countries, and deposited $1M of their own capital before executing the drain.
- @laurashin (Laura Shin) on X: Covering crypto as a journalist is like living in a Hollywood movie ... I only wish this were fiction
- @coindesk on X: The compromise came through two vectors: → A malicious TestFlight app presented as their wallet product → A known VSCode/Cursor vulnerability where opening a file silently executes arbitrary code — flagged by the security community since late 2025
- @toly on X: Terrifying
- @armaniferrante (Armani Ferrante) on X: I'll probably get attacked for saying this, but every team in crypto should use this as an opportunity to slow down and focus on security. If possible, dedicate an entire team to it. I know how hard it is. There's an enormous amount of pressure to grow at all costs. Your
- @coindesk on X: Once devices were compromised, attackers obtained two multisig approvals. Those pre-signed transactions sat dormant for more than a week. On April 1, they drained $270M from Drift's vaults in under a minute.
- @omeragoldberg (Omer Goldberg) on X: Diving deep on Drift's exploit w/ @laurashin on @Unchained_pod. This exploit was methodical and calculated. The exploiters spent time studying Drift deeply. The game of security/risk is asymmetric: You only need to be wrong once for it to be over.
- @joshkale (Josh Kale) on X: This story is insane. North Korea stole $285 million from a crypto protocol in 12 minutes. But the operation started 6 months ago with real life spies. It reads like a thriller: A group posing as a quant trading firm approached Drift Protocol contributors at a crypto conference […
- @jacobvcreech (Jacob Creech) on X: Don't trust anyone Don't install apps Have dedicated devices for signing The game has changed Review your security practices and verify they fulfill your needs
- @ashcrypto on X: THIS IS INSANE.🤯 North Korea stole $285 million in 12 minutes. Drift is the biggest trading platform on Solana. The code was fine. Two audits found nothing wrong. North Korea didn't touch the code. They went after the people. They made a fake token called CarbonVote. Put in [imag…
- @coindesk on X: The uncomfortable question the Drift exploit is now asking the industry: If attackers are willing to spend six months and $1M building a legitimate presence, meet your team in person, and wait — what security model catches that? Drift warns the attack exposes deep weaknesses in
- @nicrypto (Nic) on X: So, let me get this straight. The $280m Drift hack took six months of: - Attending crypto conferences. - Meeting the team in person. Multiple times. - Depositing $1M of their own capital to build trust. - Sharing a GitHub link. The biggest DeFi exploit of the year started at a
- @gauthamzzz on X: north korea deposited $1M into drift, attended conferences for 6 months, and built real relationships with the team. the most dangerous hackers don't look like hackers.
- @mert on X: pretty crazy if true tl:dr - hackers casually gained trust via irl conference meet, setup tg channel and became a customer, started building integrations over 6 months and then got one person with a testflight link to show off what they built
- @vibhu on X: The underlying lessons here: Keep your wallets away from your work laptop and phone Dedicated device for signing, maybe running on a cellular connection Trust nobody
- @tayvano_ (Tay) on X: I beg everyone in crypto to read this in full. I expected this to be another case of social engineering, likely some recruiter/job offer shit. I was very wrong. And the depth of the operation and personas makes me think they already have multiple other teams on lock. 😳
- @laurashin (Laura Shin) on X: Another week, another DeFi exploit 🫠 @omeragoldberg joined me to unpack the Drift Protocol hack: ⁉️ What went wrong? 👀 How the attack resembles the Mango DAO and Resolv exploits 🤔 Why was Circle so slow to react? ⚠️Are North Korean state actors behind the attack? [video]