A sophisticated infiltration operation targeting Drift Protocol has sent shockwaves through the decentralized finance sector. According to The Coin Republic, the attackers executed a $280 million drain on April 1, 2026, following a six-month preparation phase that involved building trust across multiple global conferences before deploying malware through shared tools and links. The incident represents a concerning evolution in DeFi attack vectors, as security researchers note the shift from traditional code exploits to human-layer infiltration tactics.
Investigation findings suggest this wasn't an isolated incident. As reported by The Coin Republic, SEALS 911 investigation data pointed to overlaps with the October 2024 Radiant Capital exploit, with on-chain fund movements and operational patterns matching earlier activity attributed to a North Korea-aligned group. This connection indicates a coordinated approach by threat actors who are adapting their methods as protocol-level security defenses improve, forcing them to exploit trust relationships instead of technical vulnerabilities.
