🐦 Drift Team: "April 1 Hack — a multi-layered operation with 6 months of preparation"

The Drift protocol revealed details of an attack involving the theft of $230 million:

— Since fall 2025, hackers posing as a quantum trading firm approached the Drift team

— They met in person at conferences, communicated for months, and maintained Telegram chats

— They set up a storage, deposited >$1 million, and fully integrated into the ecosystem

— Over six months, they built trust as genuine partners

❗️ The hack on April 1 likely occurred through social engineering + malicious software:

• One of the participants cloned a repository with a backdoor

• Another was tricked into installing a TestFlight app (fake wallet)

• Possible exploitation of a vulnerability in VSCode / Cursor (code execution without confirmation)

Currently, all protocol functions are frozen, attacker wallets are marked, multisig is cleared.

There is a high probability that the same group that hacked Radiant (communication with North Korea) is behind the attack.

Fake individuals (non-Koreans) were used for offline meetings. Completely fake but convincing personas with a history and reputation.

Drift continues the investigation together with Mandiant.