North Korean Intel Runs Six-Month Con to Hack $270 Million from Drift

Drift Protocol was hacked for $270 million in a six-month North Korean intelligence operation.

“Drift says $270 million exploit was a six-month North Korean intelligence operation Attackers posed as a trading firm, met Drift contributors in person across multiple countries, deposited $1 million of their own capital, and waited half a year before executing the drain CoinDesk detailed earlier this week”

@coindesk

Attackers posed as a quantitative trading firm, meeting contributors in person across multiple countries.

@coindesk

They deposited over $1 million of their own capital and integrated an Ecosystem Vault.

The exploit did not stem from a smart contract bug but from compromised administrative controls.

Forensic analysis identified two likely intrusion vectors: a malicious code repository and a TestFlight application.

A known vulnerability in VSCode and Cursor editors may have enabled silent code execution.

bloomingbit

Drift immediately suspended all protocol functions.

Mandiant was engaged for investigation.

Drift's native token plunged from $0.07 to around $0.03.

“Drift says $270 million exploit was a six-month North Korean intelligence operation Attackers posed as a trading firm, met Drift contributors in person across multiple countries, deposited $1 million of their own capital, and waited half a year before executing the drain CoinDesk detailed earlier this week”

CoinDesk

The team began sending on-chain messages to wallets holding stolen crypto.

The attack was attributed with medium-high confidence to UNC4736.

Such long-con, identity-rich operations expose deep weaknesses in multisig-based security.