Key Highlights
- Drift Protocol’s latest disaster diary reveals a six-month-long charade by sneaky operatives pretending to be a clever trading firm.
- Three dastardly ways to sneak in were uncovered-take your pick!
- Blame points a finger at UNC4736, the same North Korean gang that nicked $50 million from Radiant Capital. Naughty, naughty!
The Solana-based Drift Protocol, a decentralized perpetual futures exchange, has spilled the beans on the grand April Fool’s Day fiasco of 2026-the second-biggest Solana kerfuffle after the $326 million Wormhole bridge catastrophe in 2022. Turns out, months of sly manipulation, not buggy code, pulled off this digital heist.
Drift’s treasure chest shrank from around $550 million to a measly $250 million after the caper. According to their report, it took “a structured intelligence operation with plenty of resources and careful planning” to make this magic trick happen.
A Six-Month Courtship of Chaos
It all started in the fall of 2025 at a glitzy crypto jamboree. Enter a charming gang posing as a quant trading firm, fluttering about like financial butterflies. Over six months, they wooed Drift contributors, chatting about trading strategies and vaults-like the most boring dinner party you’ve ever attended, if dinner parties involved $1 million deposits.
They even created a Telegram group and acted so convincingly professional that nobody suspected a thing. Between December 2025 and January 2026, they rolled out an Ecosystem Vault, submitted strategy plans, and mingled face-to-face at conferences. By the time April 1 arrived, the “new friends” were trusted partners, ready to vanish with the loot faster than you can say “blockchain blunder.”
Three Sneaky Attack Routes
Investigators sniffed out three devilish ways contributor devices were compromised. One poor soul opened a cloned code repository, another downloaded a “wallet app” from the shady crew, and a third fell into an editor vulnerability trap. Just opening a file, mind you, and kaboom-arbitrary code runs like a gremlin on a sugar high.
North Korea Points a Finger
SEAL 911 suspects UNC4736, a North Korean group also known as AppleJeus or Citrine Sleet. The evidence? Traces back to Radiant Capital mischief and overlapping personas. Blockchain sleuths like Elliptic and TRM Labs nod sagely: “Yep, smells like DPRK mischief.”
Interestingly, the people you met at conferences were likely polite middlemen, not North Korean nationals-those clever hackers outsource their charm offensives.
North Korean Heists Keep Growing
This attack fits a trend: Radiant Capital ($50M), Bybit ($1.5B), and now Drift-all showing humans are more vulnerable than code. Ledger’s CTO compares them to cunning foxes in the henhouse, targeting trust, not contracts.
Current Status & Warning
Drift froze everything it could, removed compromised wallets, and flagged miscreants across exchanges. The DRIFT token plunged over 98%. Roughly 20 Solana protocols got caught in the spill. Lesson? Audit, check, double-check, and treat every device as a potential sneaky gateway.
If your crypto playground smells suspiciously like Drift’s, call SEAL 911 for immediate triage before the sneaky foxes strike again.
Read More
- What Song Is In The New Supergirl Trailer (& What It Means For The DC Movie)
- Why is Tech Jacket gender-swapped in Invincible season 4 and who voices her?
- Dune 3 Gets the Huge Update Fans Have Been Waiting For
- Highly Anticipated Strategy RPG Finally Sets Release Date (And It’s Soon)
- TV legend Carol Kirkwood reveals the reasons why she decided to retire after 28 years with BBC
- Eurogamer Gives ARC Raiders 2/5 Over AI Voices, Dropping Metacritic Score from 94 to 84
- Starfield PS5 Won’t Play Off Physical Disc without a Download
- First Berserker: Khazan Players Are Getting Free Items to Celebrate the Game’s 1 Year Anniversary
- Unforgotten legend Nicola Walker stars in first look at all-new “outrageously witty” comedy drama series
- 49 Years Ago Today, Movie History Was Changed by a Film You’ve Never Even Seen
2026-04-06 10:29