Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted social engineering operation by North Korea that began in fall 2025. The Solana-based exchange attributed the attack with medium confidence to the North Korean state-sponsored hacking group UNC4736. The threat actor has targeted the cryptocurrency sector for financial theft since at least 2018 and is best known for the X_TRADER/3CX supply chain breach in 2023 and the $53 million hack of DeFi platform Radiant Capital in October 2024. In the April 1 attack, the attackers drained approximately $285 million from Drift Protocol in roughly 12 minutes, and most of the stolen funds were bridged to Ethereum within hours. On-chain staging began on March 11, nearly three weeks before the execution.
North Korean Hackers Behind Drift Protocol $285M Attack Confirmed
The Hacker News
Monday, April 6, 2026 · DeFi
Source: thehackernews.com·This article is an original analysis by CryptoFirst based on publicly available information.
