Drift $285 Million Exploit Linked to North Korean State-Sponsored Actors

Drift protocol confirmed that its $285 million exploit resulted from a sophisticated social engineering campaign linked to the North Korean group UNC4736. New research by Taylor Monahan of MetaMask reveals that this incident is part of a systemic infiltration effort active since 2020, much earlier than previously suggested. North Korean operatives have reportedly infiltrated over 40 DeFi platforms by embedding themselves as team members within project development groups. The attackers utilized advanced tactics, including fake identities and industry networking, to gain unauthorized access to critical systems. This broader context indicates that the Drift attack, which also shares links with the Radiant Capital breach, is part of a four-year campaign targeting decentralized infrastructure. Drift continues to collaborate with security professionals to bolster its defenses against these persistent state-sponsored threats. The findings highlight a significant escalation in the scope and duration of North Korean operations within the crypto ecosystem.