The long con: How North Korean spies spent months in-person to drain $285 million from Drift

North Korean operatives successfully infiltrated decentralized trading platform Drift through an elaborate months-long social engineering campaign, ultimately draining $285 million from the protocol. The sophisticated attack involved spies working in-person to gain the trust of Drift employees and gradually compromise the platform's security infrastructure. The breach represents one of the largest cryptocurrency thefts attributed to North Korean actors this year.

According to blockchain analytics firm TRM Labs, North Korean hackers have significantly accelerated their cryptocurrency exploitation activities, now accounting for 76% of all crypto exploits recorded in 2026. This marks a substantial increase from previous years and demonstrates the regime's growing sophistication in targeting digital asset platforms. The Drift incident highlights how these groups have evolved beyond simple remote attacks to conducting elaborate, long-term infiltration operations.

The massive theft has sent shockwaves through the decentralized finance (DeFi) sector, raising serious questions about security protocols at major trading platforms. Industry experts warn that the incident could trigger increased regulatory scrutiny on DeFi platforms and their employee vetting procedures. The scale of the breach may also prompt other protocols to reassess their internal security measures and implement more stringent background checks for personnel with system access.

Market observers are closely monitoring whether additional platforms may have been compromised through similar long-term infiltration tactics, as investigators work to trace the stolen funds across blockchain networks.

Source: CoinDesk
