North Korean Hackers Spent Six Months Infiltrating Drift Before $285M Exploit

Drift Protocol has revealed that North Korean hackers orchestrated a sophisticated six-month infiltration campaign that culminated in a $285 million exploit of the decentralized derivatives platform. According to the protocol's disclosure, the attackers posed as legitimate traders and went as far as meeting Drift contributors in person to establish trust and gain deeper access to the platform's systems. The prolonged social engineering operation allowed the hackers to methodically study the platform's vulnerabilities before executing the massive drain.

The attack represents one of the most elaborate cryptocurrency heists attributed to North Korean cybercriminal groups, who have increasingly targeted decentralized finance (DeFi) protocols as part of state-sponsored funding operations. These groups, often linked to the Lazarus Group and other state-backed entities, have been responsible for billions in cryptocurrency thefts over recent years, with proceeds allegedly funding the country's weapons programs and circumventing international sanctions.

The Drift exploit underscores growing concerns about the sophistication of attacks targeting DeFi platforms, particularly those involving extended social engineering campaigns. The incident highlights vulnerabilities beyond smart contract flaws, demonstrating how human factors and trust relationships can be exploited to compromise even security-conscious protocols. Industry experts note this case may prompt stricter verification processes and enhanced security protocols across the DeFi sector.

The revelation comes as regulatory pressure mounts on DeFi platforms to implement stronger security measures and compliance frameworks to prevent such large-scale exploits.

Source: Decrypt

Read original article ↗