The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building

BleepingComputer

The Drift Protocol, a Solana-based trading platform, suffered a $280M+ hack attributed to North Korean threat group UNC4736 (AppleJeus/Labyrinth Chollima). The attack was the result of a six-month in-person social engineering campaign where operatives posed as a quantitative trading firm, approached Drift contributors at multiple crypto conferences across countries, and built trust via Telegram. Two contributors were likely compromised via a malicious code repository (possibly exploiting a VSCode/Cursor vulnerability) and a malicious TestFlight app. The attackers drained funds in about 12 minutes after hijacking Security Council administrative powers. All Drift functions remain frozen and compromised wallets have been removed from the multisig process.

Drift $280M crypto theft linked to 6-month in-person operation