Preliminary investigation into the Drift hacking incident shows that team members were contacted by North Korean intermediaries during a meeting.

MeNews · 2026-04-09T23:16:03+00:00

Drift Protocol, after investigating the 2026 attack incident, found that the attack was backed by the North Korea-supported hacker group UNC4736, which lured Drift contributors to download malware through fake companies and meetings. Currently, Drift has frozen protocol functions and invited Mandiant to participate in the investigation.

MeNews

2026-04-09 23:16:03

Abstract generation in progress

ME News Report, April 5th (UTC+8), Drift Protocol posted on X platform stating that preliminary investigations into the April 1, 2026 attack indicate the operation was orchestrated by the North Korean government-backed hacker group UNC4736 (also known as AppleJeus or Citrine Sleet). The group has been engaging in face-to-face interactions with Drift contributors for up to six months since fall 2025 by dispatching intermediaries to participate in crypto conferences, establishing fake quantitative trading firms, and inducing them to download malicious code repositories or applications. Currently, Drift has frozen all protocol functions and removed the compromised wallets from multi-signature. Mandiant has been invited to participate in an in-depth forensic investigation. The investigation confirmed that the on-chain fund flow used to test this operation can be traced back to the Radiant Capital attackers from October 2024. (Source: ChainCatcher)

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.