Drift Protocol Says April 1 Attack Stemmed From Months-Long North Korean Infiltration
Drift Protocol said in a post on X that early findings from its investigation of the April 1, 2026, attack point to UNC4736, a North Korean state-sponsored hacking group also tracked as AppleJeus and Citrine Sleet.
According to the protocol, the attackers began engaging Drift contributors in autumn 2025, spending roughly six months cultivating in-person contact. The group allegedly dispatched intermediaries to crypto conferences and set up bogus quantitative trading firms, luring contributors into downloading malicious code libraries or applications.
Drift has frozen all protocol functions and removed compromised wallets from its multisig setup. The team has brought in Mandiant to run a deeper forensic investigation.
The probe also found that on-chain funds used to test the operation can be traced to the same actors behind the Radiant Capital hack in October 2024.