Drift Protocol: The April 1 attack was a months-long organized infiltration operation, possibly linked to North Korean hackers.

WuSaidBlockchainW · 2026-04-05T02:50:43+00:00

Drift Protocol investigation found that the attack on April 1st appears to be a coordinated long-term infiltration operation, beginning in Fall 2025. The attackers disguised themselves as quantitative trading firms and contacted the Drift team. The project team has taken measures and collaborated with professional agencies to gather evidence. This attack may be linked to North Korean hacker groups.

WuSaidBlockchainW

2026-04-05 02:50:43

Abstract generation in progress

Wu Blockchain learned that Drift Protocol has released the latest investigative progress regarding the April 1 attack incident, saying the attack was likely a long-term infiltration operation lasting about 6 months with an organized background. Preliminary findings show that the attackers, starting from the autumn of 2025, posed as quantitative trading institutions and continuously engaged with members of the Drift team at multiple international crypto conferences. They carried out device infiltration through methods such as linking code repositories and using TestFlight applications. Drift said it has frozen remaining protocol functions, removed the compromised multisig wallets, and has begun evidence collection in coordination with firms such as Mandiant and SEAL 911. The project team assesses with medium to high confidence that this operation may be linked to the North Korea–related hacking group behind the 2024 Radiant Capital theft incident.

DRIFT13,3%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.