The Drift Protocol, a Solana-based trading platform, suffered a $280M+ hack attributed to the North Korean threat group UNC4736 (AppleJeus/Labyrinth Chollima). The attack followed a six-month in-person social engineering campaign in which operatives posed as a quantitative trading firm, approached Drift contributors at multiple crypto conferences in several countries, and built trust over Telegram. Two contributors were likely compromised through a malicious code repository (possibly exploiting a VSCode/Cursor vulnerability) and a malicious TestFlight app. After hijacking the Security Council's administrative powers, the attackers drained funds in about 12 minutes. All Drift functions remain frozen, and the compromised wallets have been removed from the multisig process.