Preliminary investigation into the Drift hacking incident shows that team members were contacted by North Korean intermediaries during a meeting.

MeNews · 2026-04-10T11:35:03+00:00

Drift Protocol, after investigating the 2026 attack incident, found that the attack was carried out by the North Korea-backed hacker group UNC4736. This group lured Drift contributors to download malware through fake companies and meetings. Currently, Drift has frozen protocol functions and invited Mandiant to participate in the investigation.

MeNews

2026-04-10 11:35:03

Abstract generation in progress

ME News report: On April 5, 2026 (UTC+8), Drift Protocol posted on the X platform stating that its preliminary investigation into the April 1, 2026 attack event shows the action was orchestrated by UNC4736, a hacker group supported by the North Korean government (also known as AppleJeus or Citrine Sleet). Since the fall of 2025, the group has carried out in-person engagement with Drift contributors for up to six months, including dispatching intermediaries to take part in crypto conferences and setting up fake quantitative trading firms, while inducing them to download malicious code repositories or applications. Currently, Drift has frozen all protocol-level functions and removed the compromised wallets from multi-signature. Mandiant has been invited to join a deep-dive forensic investigation. The investigation confirmed that the on-chain fund flows used to test the operation can be traced back to the Radiant Capital attackers from October 2024. (Source: ChainCatcher)

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.