Breaches · HIGH

Drift Protocol - Millions Stolen in Cyberattack Incident

Source: The Record

6 sources · Summary by CyberPings Editorial · AI-assisted · Reviewed by Rohit Rana

Drift Protocol was hacked for an estimated $285 million. Drift attributes the theft to North Korean operators who spent roughly six months building relationships with its contributors, including face to face at industry conferences, before delivering malicious code. Anyone who uses DeFi platforms, and especially anyone who builds them, should treat unsolicited code, beta apps and business approaches with suspicion.

Quick Summary

Drift Protocol has suspended services after a major cyberattack attributed to North Korean hackers, resulting in the theft of $285 million in cryptocurrency. This incident underscores the vulnerabilities in decentralized finance platforms.

What Happened

On April 1, 2026, the Drift Protocol, a decentralized finance platform, announced it was the target of a significant cyberattack. Security experts estimate that $285 million worth of cryptocurrency was stolen during this incident, prompting the platform to suspend all deposits and withdrawals immediately. The team at Drift emphasized that this was not an April Fools' joke, as the attack was serious and ongoing. Initial reports indicated unusual activity on the platform, leading to an urgent investigation.

Drift's analysis revealed that the attack was the culmination of a meticulously planned social engineering operation attributed to a North Korean state-sponsored hacking group known as UNC4736. This group, which has a history of targeting the cryptocurrency sector, is believed to have spent six months building rapport with Drift contributors under the guise of a quantitative trading company.

Who's Affected

The theft has impacted a wide range of users who utilize the Drift Protocol for various services, including borrowing, lending, and trading. Operating on the Solana blockchain, Drift caters to a growing community of cryptocurrency enthusiasts and traders. The attack raises concerns not only for Drift's users but also for the broader decentralized finance (DeFi) ecosystem, which has increasingly become a target for cybercriminals.

Loss estimates vary by source: blockchain security firm PeckShield put the figure at roughly $285 million, while other estimates cited at least $130 million siphoned off, and the number may move as tracing of the on-chain flows continues. Either way, this is one of the largest crypto thefts of 2026, following other significant breaches earlier in the year.

How the Attack Unfolded

The attack was described by Drift as a "structured intelligence operation" that required months of planning. Starting in the fall of 2025, individuals posing as representatives of a trading firm approached Drift contributors at major cryptocurrency conferences. These individuals, who were not North Korean nationals, built rapport and engaged in discussions about trading strategies and potential vault integrations. This included onboarding an Ecosystem Vault on Drift, which required the submission of strategy details and a deposit of over $1 million.

The investigation identified two likely delivery vectors into contributors' machines: a malicious code repository the group shared for review, and a wallet app a contributor was persuaded to install through Apple's TestFlight beta-distribution channel. The social engineering was backed by fully constructed identities built to withstand scrutiny in ordinary business dealings. Neither vector exploited Drift's on-chain programs; both relied on a trusted person running attacker-supplied code on their own device. BleepingComputer's coverage (headline below) reports that the resulting access let the attackers seize the powers of Drift's Security Council.
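The article says only that a malicious repository was shared; it does not say how the code executed. In repository-based lures the usual trick is code that runs without being invoked: package-manager lifecycle scripts, editor tasks set to run on folder open, or install scripts that spawn processes. The script below is an added example written for this page, not Drift's tooling and not the attackers' repository; it scans a checkout for those hooks before anyone runs `npm install` or opens it in an editor. The sample repository it scans is constructed inline (the package name and file contents are invented), and the check list is a starting point, not a complete detector.

```python
"""Pre-flight scan of a cloned repository for code that would run on install or open.

Added example for this page; the hook list reflects common repository-lure patterns, not
anything the article attributes to this specific incident.
"""
import json
import re
import tempfile
from pathlib import Path

# npm/yarn/pnpm scripts that run as a side effect of `install` or `publish`, not on request.
NPM_LIFECYCLE = {"preinstall", "install", "postinstall", "prepare", "prepublish", "prepublishOnly"}

# Process spawning or dynamic code evaluation inside files Python runs at install/test time.
PY_EXEC_RE = re.compile(r"\b(subprocess|os\.system|os\.popen|exec\(|eval\(|base64\.b64decode)")

# Git hooks tracked in the tree become live if core.hooksPath is pointed at the directory.
GIT_HOOK_NAMES = {"pre-commit", "post-checkout", "post-merge", "pre-push"}


def scan_repo(root):
    """Return a list of (relative_path, reason) findings for auto-executing code under root."""
    root = Path(root)
    findings = []

    # 1. package.json lifecycle hooks at any depth (workspaces, nested packages), skipping deps.
    for pj in root.rglob("package.json"):
        if "node_modules" in pj.parts:
            continue
        try:
            scripts = json.loads(pj.read_text(encoding="utf-8")).get("scripts") or {}
        except (ValueError, OSError):
            findings.append((str(pj.relative_to(root)), "unparseable package.json"))
            continue
        for name, cmd in scripts.items():
            if name in NPM_LIFECYCLE:
                findings.append((str(pj.relative_to(root)), f"lifecycle script '{name}': {cmd}"))

    # 2. VS Code tasks configured to run when the folder is opened (tasks.json may contain
    #    comments, so it is matched with a regex rather than parsed as strict JSON).
    tasks = root / ".vscode" / "tasks.json"
    if tasks.is_file():
        if re.search(r'"runOn"\s*:\s*"folderOpen"', tasks.read_text(encoding="utf-8", errors="replace")):
            findings.append((".vscode/tasks.json", "task set to run on folderOpen"))

    # 3. Python files executed implicitly by `pip install .` or `pytest`.
    for name in ("setup.py", "conftest.py"):
        for py in root.rglob(name):
            m = PY_EXEC_RE.search(py.read_text(encoding="utf-8", errors="replace"))
            if m:
                findings.append((str(py.relative_to(root)), f"install/test-time execution: {m.group(0)}"))

    # 4. Git hooks committed inside the working tree.
    for p in root.rglob("*"):
        if p.is_file() and p.name in GIT_HOOK_NAMES and p.parent.name in ("hooks", ".githooks"):
            findings.append((str(p.relative_to(root)), "tracked git hook"))
    return findings


def build_constructed_lure(root):
    """Write a constructed sample repository (invented contents) carrying three auto-run hooks."""
    root = Path(root)
    (root / "package.json").write_text(json.dumps({
        "name": "quant-strategy-sdk", "version": "0.1.0",
        "scripts": {"build": "tsc", "postinstall": "node scripts/setup.js"},
    }))
    (root / ".vscode").mkdir()
    (root / ".vscode" / "tasks.json").write_text(
        '{\n  // runs as soon as the folder is opened in the editor\n  "version": "2.0.0",\n'
        '  "tasks": [{"label": "init", "type": "shell", "command": "node scripts/setup.js",\n'
        '             "runOptions": {"runOn": "folderOpen"}}]\n}\n')
    (root / "setup.py").write_text("import base64, subprocess\nsubprocess.run(base64.b64decode(b'...'))\n")
    (root / "README.md").write_text("# strategy sdk\n")


def scan_constructed_lure():
    """Scan the constructed lure; expected to surface exactly three findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_lure(tmp)
        return scan_repo(tmp)


def scan_clean_sample():
    """Scan a benign tree (README plus a package.json with only a build script); expected empty."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "README.md").write_text("# clean\n")
        Path(tmp, "package.json").write_text(json.dumps({"name": "clean", "scripts": {"build": "tsc"}}))
        return scan_repo(tmp)


if __name__ == "__main__":
    for path, reason in scan_constructed_lure():
        print(f"{path}: {reason}")
```

Run it against a fresh clone before installing dependencies or opening the folder; a non-empty result means the repository should be examined in a disposable VM, not on a workstation that holds signing keys. Any tooling the findings point at (`node scripts/setup.js` above) is the next thing to read.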

What Data Was Exposed

The loss is of funds, not data. Drift runs as on-chain programs that users reach from their own wallets, so there are no passworded user accounts to leak, and transaction histories are already public on the Solana ledger by design. None of the coverage summarized here reports exposure of personal data. Drift had linked to multiple code audits conducted in 2023 and 2024; those audits cover the on-chain program logic, which is not what the attackers broke. Compromise of contributors' devices and of the privileged keys they hold sits outside the scope of a smart-contract audit.

Drift has identified the delivery vectors, but the full chain from compromised contributor machines to the drained funds has not been published. Analysts are also tracing how the stolen assets were swapped into other cryptocurrencies, which complicates both attribution of individual flows and any recovery. The episode is likely to weigh on user confidence in DeFi platforms across the sector.

What You Should Do

If you use Drift Protocol or any other DeFi platform, stay informed about the situation and take these steps:

  • Do not deposit funds into an affected platform until its team has published what happened and how privileged access has been re-secured.
  • Review your wallet's on-chain activity and revoke any token approvals or delegations you do not recognize; with self-custody there is no provider watching your account for you.
  • Two-factor authentication protects custodial accounts such as exchange logins. For self-custodied funds the equivalent is a hardware wallet that shows transaction details on its own screen before you sign.
  • Follow only the platform's official channels, and expect phishing that imitates "recovery" or "refund" offers in the days after an incident.
  • If you build or operate a protocol: never run code from a repository a business contact sends you on a machine that holds keys, and treat a TestFlight invite or pre-release app from a counterparty as untrusted software.
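"Monitor your accounts" is easier to act on with a concrete check. The script below is an added example written for this page, not Drift's code and not from any of the cited articles: it lists SPL token accounts belonging to a wallet that carry an outstanding delegate approval, which is the on-chain form of a spending allowance another address can use without your signature. It parses the jsonParsed shape of Solana's `getTokenAccountsByOwner` JSON-RPC response; the response it runs against is constructed inline with invented addresses and amounts, and `fetch_token_accounts` is provided for running it against a real endpoint and wallet.

```python
"""List SPL token accounts whose delegate is set, i.e. another address may transfer from them.

Added example; the RPC response below is constructed (addresses and amounts invented).
"""
import json
import urllib.request

# Program id of the classic SPL Token program; Token-2022 accounts need a second query.
SPL_TOKEN_PROGRAM = "TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA"

# Constructed sample in the jsonParsed shape of getTokenAccountsByOwner. The first account has
# a delegate with a u64::MAX allowance; the second has no delegate at all.
CONSTRUCTED_RESPONSE = {
    "jsonrpc": "2.0", "id": 1,
    "result": {"context": {"slot": 1}, "value": [
        {"pubkey": "AcctAAAA1111", "account": {"data": {"program": "spl-token", "parsed": {
            "type": "account", "info": {
                "mint": "MintUSDC", "owner": "WalletXYZ", "state": "initialized",
                "tokenAmount": {"amount": "2500000000", "decimals": 6, "uiAmountString": "2500"},
                "delegate": "DelegateEvil9999",
                "delegatedAmount": {"amount": "18446744073709551615", "decimals": 6,
                                    "uiAmountString": "18446744073709.551615"}}}}}},
        {"pubkey": "AcctBBBB2222", "account": {"data": {"program": "spl-token", "parsed": {
            "type": "account", "info": {
                "mint": "MintSOLx", "owner": "WalletXYZ", "state": "initialized",
                "tokenAmount": {"amount": "1000000000", "decimals": 9, "uiAmountString": "1"}}}}}},
    ]},
}


def find_delegations(rpc_response, known_delegates=frozenset()):
    """Return one dict per token account whose delegate is set and not in known_delegates."""
    out = []
    for entry in rpc_response["result"]["value"]:
        info = entry["account"]["data"]["parsed"]["info"]
        delegate = info.get("delegate")
        if not delegate or delegate in known_delegates:
            continue
        balance = int(info["tokenAmount"]["amount"])
        allowance = int(info.get("delegatedAmount", {"amount": "0"})["amount"])
        out.append({
            "token_account": entry["pubkey"],
            "mint": info["mint"],
            "delegate": delegate,
            "balance_raw": balance,
            "allowance_raw": allowance,
            # An allowance at or above the balance also covers anything deposited later.
            "unbounded": allowance >= balance,
        })
    return out


def fetch_token_accounts(owner, rpc_url="https://api.mainnet-beta.solana.com"):
    """Query a Solana JSON-RPC endpoint for the owner's token accounts (network call)."""
    body = json.dumps({
        "jsonrpc": "2.0", "id": 1, "method": "getTokenAccountsByOwner",
        "params": [owner, {"programId": SPL_TOKEN_PROGRAM}, {"encoding": "jsonParsed"}],
    }).encode()
    req = urllib.request.Request(rpc_url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=20) as resp:
        return json.load(resp)


def audit_constructed_wallet(known_delegates=frozenset()):
    """Run the check against the constructed sample; offline."""
    return find_delegations(CONSTRUCTED_RESPONSE, known_delegates)


if __name__ == "__main__":
    for d in audit_constructed_wallet():
        flag = "UNBOUNDED" if d["unbounded"] else "bounded"
        print(f"{d['token_account']} mint={d['mint']} delegate={d['delegate']} ({flag})")
```

Pass the delegates you set on purpose in `known_delegates`; anything else is a candidate for `spl-token revoke`. Note what this does not cover: funds you have deposited into a protocol are held by that protocol's programs and controlled by its privileged keys, which is exactly the layer that was taken over here, so a clean delegate list says nothing about deposits already inside Drift.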

The Drift incident shows what a patient, state-backed social engineering campaign looks like against a DeFi team: months of in-person rapport, a real seven-figure deposit to look legitimate, and finally malware delivered through the everyday channels of a developer's work, a shared repository and a beta app. Audited contract code does not defend against that. Organizations in the sector need device hardening and code-handling rules for the people who hold privileged keys, and users need to keep treating every platform, however well audited, as something they can lose access to overnight.

Original article: The Record

Also covered by:

  • BleepingComputer: Drift loses $280 million as hackers seize Security Council powers
  • SC Media: Drift Protocol estimated to have lost $285M in crypto heist
  • TechCrunch Security: De-fi platform Drift suspends deposits and withdrawals after millions in crypto stolen in hack
  • The Hacker News: $285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
