Preliminary investigation into the Drift hacking incident shows that team members were contacted by North Korean intermediaries during the meeting.

MeNews · 2026-04-10T21:54:33+00:00

Drift Protocol, after investigating the 2026 attack incident, found that the attack was carried out by the North Korea-backed hacker group UNC4736, which lured Drift contributors to download malware through fake companies and meetings. Currently, Drift has frozen protocol functions and invited Mandiant to participate in the investigation.

MeNews

2026-04-10 21:54:33

Abstract generation in progress

ME News report: On April 5 (UTC+8), Drift Protocol posted on the X platform that its preliminary investigation into the April 1, 2026 attack indicates that the operation was planned by UNC4736, a hacker group supported by the North Korean government (also known as AppleJeus or Citrine Sleet). Since the fall of 2025, the group has carried out in-person interactions with Drift contributors for up to six months—by sending intermediaries to attend crypto conferences, setting up fake quantitative trading firms, and more—during which it induced them to download malicious code repositories or applications. Currently, Drift has frozen all protocol functions and moved the compromised wallets out of multi-signature. Mandiant has been invited to join the in-depth forensic investigation. The investigation confirmed that the on-chain fund flows used to test this operation can be traced back to the Radiant Capital attacker from October 2024. (Source: ChainCatcher)

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

2 Likes