Preliminary investigation into the Drift hacking incident shows that team members were contacted by North Korean intermediaries during the meeting.

MeNews · 2026-04-11T01:42:33+00:00

Drift Protocol, after investigating the 2026 attack incident, found that the attack was backed by the North Korea-supported hacker group UNC4736, which lured Drift contributors to download malware through fake companies and meetings. Currently, Drift has frozen protocol functions and invited Mandiant to participate in the investigation.

MeNews

2026-04-11 01:42:33

Abstract generation in progress

ME News message, April 5 (UTC+8): Drift Protocol posted on the X platform that its preliminary investigation into the April 1, 2026 attack event shows that the operation was orchestrated by the North Korea government-backed hacker group UNC4736 (also known as AppleJeus or Citrine Sleet). Since the fall of 2025, the group has engaged in face-to-face interaction with Drift contributors for up to six months by sending intermediaries to attend crypto conferences, setting up fake quantitative trading firms, and inducing the contributors to download malicious code repositories or applications. Currently, Drift has frozen all protocol functions and has moved the compromised wallets out of multi-signature. Mandiant has been invited to participate in a deep forensic investigation. The investigation confirmed that the on-chain fund flow used to test the operation can be traced back to the Radiant Capital attackers from October 2024. (Source: ChainCatcher)

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

1 Likes