Securing
Illustration

Welcome Back!

Log in to your secure account

Forgot Password?
Illustration

Request Consultation

Fill the form to request a consultation

Welcome to Achilles Initiative - Elite Security Solutions

News Details

Home News Drift says $270 million exploit was a si...
Drift says $270 million exploit was a six-month North Korean intelligence operation Intelligence
05 April 2026
CoinDesk

Drift says $270 million exploit was a six-month North Korean intelligence operation

Attackers posed as a trading firm, met Drift contributors in person across multiple countries, deposited $1 million of their own capital, and waited half a year before executing the $270 million exploit of Drift Protocol. According to a detailed incident update, the attackers first made contact around fall 2025 at a major crypto conference, presenting themselves as a quantitative trading firm. They were technically fluent, had verifiable professional backgrounds, and understood how the protocol operated. A Telegram group was established, and over the next six months, they engaged in substantive conversations around trading strategies and vault integrations, standard for how trading firms onboard with DeFi protocols. Between December 2025 and January 2026, the group onboarded an Ecosystem Vault on Drift, held multiple working sessions with contributors, deposited over $1 million of their own capital, and built a functioning operational presence inside the ecosystem. Drift contributors met individuals from the group face-to-face at multiple major industry conferences across several countries through February and March. By the time the attack launched on April 1, the relationship was nearly half a year old. The compromise came through two vectors: a second downloaded a TestFlight application, Apple's platform for distributing pre-release apps that bypasses App Store security review, and a known vulnerability in VSCode and Cursor, where simply opening a file or folder executed arbitrary code. Once devices were compromised, the attackers obtained two multisig approvals, enabling the durable nonce attack that drained $270 million from the protocol's vaults in under a minute. Attribution points to UNC4736, a North Korean state-affiliated group also tracked as AppleJeus or Citrine Sleet, based on on-chain fund flows and operational overlap with known DPRK-linked personas. The individuals who appeared in person at conferences were not North Korean nationals, but DPRK threat actors deploy third-party intermediaries with constructed identities. Drift urged other protocols to audit access controls and treat every device touching a multisig as a potential target. The broader implication is uncomfortable for an industry relying on multisig governance as its primary security model. If attackers are willing to spend six months and a million dollars building a legitimate presence, the question is what security model can catch that.

Share:

Related Articles

06 April 2026 Yahoo

South Korea says 'credible intelligence' indicates North Korean leader's daughter is successor

South Korea's spy agency now believes North Korean leader Kim Jong Un's teenage daughter has been positioned as his successor, citing credible intelligence coll...

Read More
05 April 2026 Silicon Canals

Research suggests that high intelligence doesn't protect against bad decisions - it makes people better at constructing convincing justifications for the bad decisions they were already going to make

a 2012 study out of Yale found that people with the highest science literacy weren’t the most aligned on contested facts. They were the most polarized. Their su...

Read More
03 April 2026 富途牛牛

Geekplus-W and Ubtech Robotics have successively introduced chief scientists, marking the entry of embodied intelligence into a 'top-tier brain' arms race.

Recently, Ubtech Robotics (09880.HK) announced a recruitment drive for a Chief Embodied Intelligence Scientist, offering salaries up to 124 million yuan, signal...

Read More
03 April 2026 富途牛牛

Recruiting for the Position of 'Head of Human AI Solutions': Artificial Intelligence is Spawning a New Wave of Professions

The development of artificial intelligence (AI) has raised concerns about it becoming a 'job killer,' but this technology is creating 640,000 new AI-related job...

Read More