y0news
← Feed
Back to feed
💎 DeFi🔴 Bearish🔥 Importance 8/10Actionable

Drift Protocol Hack: How a North Korean Group Spent Six Months Infiltrating a DeFi Protocol

Blockonomi|Brenda Mary|
🤖AI Summary

Drift Protocol suspended all operations after a sophisticated six-month infiltration by a North Korean state-backed group culminating in an exploit on April 1, 2026. The attackers posed as a legitimate trading firm, conducted in-person meetings across multiple countries, and used three attack vectors including a silent code execution flaw in development tools.

Key Takeaways
  • A North Korean state-backed group spent six months infiltrating Drift Protocol by posing as a trading firm.
  • Attackers conducted sophisticated social engineering including in-person meetings across multiple countries.
  • Three attack vectors were identified, including a silent code execution vulnerability in VSCode and Cursor editors.
  • Drift Protocol froze all protocol functions immediately after discovering the targeted exploit.
  • SEAL911 has attributed the attack to the state-backed group, highlighting advanced persistent threat tactics in DeFi.
#drift-protocol#north-korea#defi-hack#state-sponsored#social-engineering#vscode-vulnerability#seal911#protocol-exploit#security-breach#trading-firm
Read Original →via Blockonomi
Act on this with AI
Stay ahead of the market.
Connect your wallet to an AI agent. It reads balances, proposes swaps and bridges across 15 chains — you keep full control of your keys.
Connect Wallet to AI →How it works
Related Articles
DeFi3d ago

Audit admin keys, not just code, expert says after $200 million Drift exploit

DeFi3d ago

‘Not an April Fools joke’: Major Solana-based trading platform Drift exploited for at least $200 million

DeFi4d ago

Lido jumps from all-time low as DAO debates $20m buyback programme