$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

The decentralized exchange Drift suffered a $285 million theft on April 1, 2026, following a sophisticated, months-long social engineering campaign orchestrated by North Korean state-sponsored hackers.

Key Points

  • The attack is attributed to the North Korean hacking group UNC4736, also known as Golden Chollima, which has targeted crypto firms since 2018.
  • Hackers spent six months building rapport with Drift contributors at international conferences, using intermediaries to establish trust and deploy malicious code.
  • The breach likely occurred through a weaponized Microsoft Visual Studio Code project or a malicious wallet application delivered during the integration process.
  • The operation involved sophisticated, fabricated professional identities and the deposit of over $1 million in legitimate funds to bypass internal security scrutiny.
  • North Korean cyber operations are increasingly compartmentalized to evade attribution and generate revenue for the regime's military and nuclear programs.

Why it Matters

This incident highlights the extreme lengths state-sponsored actors now take to infiltrate high-value financial targets through long-term, human-centric deception. It serves as a critical warning for the cryptocurrency and fintech sectors that even rigorous professional vetting processes can be bypassed by patient, well-funded adversaries.
Published by info@thehackernews.com (The Hacker News)