The Hacker News reports that North Korean state-backed hacking operation UNC4736 was blamed for the Apr. 1 crypto heist against Solana-based decentralized finance exchange Drift Protocol, which resulted in the theft of $285 million.Months-long planning has been conducted by UNC4736, also known as Citrine Sleet, AppleJeus, Gleaming Pisces, and Famous Chollima, ahead of the heist, with the DeFi exchange's contributors approached by individuals masquerading as a quantitative trading firm during cryptocurrency conferences last fall in the guise of integrating the protocol, according to an analysis from Drift. Onboarding of an Ecosystem Vault on Drift from December 2025 to January 2026 and continued engagements with contributors then helped facilitate the intrusion, which may have had a cloned code repository and a wallet product download as primary attack vectors."The investigation has shown so far that the profiles used in this third-party targeted operation had fully constructed identities including employment histories, public-facing credentials, and professional networks," said Drift.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




