Articles
Crypto Market Analysis

Drift Protocol $280M exploit took 'months of deliberate preparation'

User Image

Por Anônimo

Criado April 05, 2026|2 mins de leitura
Main Image

Drift Protocol said, with “medium-high confidence,” that the recent attack was carried out by the same actors responsible for the $58 million Radiant Capital hack in October 2024.

Drift Protocol, a decentralized cryptocurrency exchange (DEX), says the recent exploit against the platform was a six-month-long, highly coordinated attack.

“The preliminary investigation shows that Drift experienced a structured intelligence operation requiring organizational backing, significant resources, and months of deliberate preparation,” Drift said in an X post on Saturday.

The decentralized exchange was exploited on Wednesday, with external estimates putting losses at around $280 million.

According to Drift, the attack plan can be traced back to around October 2025, when malicious actors posing as a quantitative trading firm first approached Drift contributors at a “major crypto conference,” claiming to be interested in integrating with the protocol.

The group continued to engage contributors in person at multiple industry events over the following six months. “It is now understood that this appears to be a targeted approach, where individuals from this group continued to deliberately seek out and engage specific Drift contributors,” Drift said.

“They were technically fluent, had verifiable professional backgrounds, and were familiar with how Drift operated,” Drift said.

After gaining trust and access to Drift Protocol over six months, they used shared malicious links and tools to compromise contributors’ devices, execute the exploit, and then wiped their presence immediately after the attack.

The incident serves as a reminder for crypto industry participants to remain cautious and skeptical, even during in-person interactions, as crypto conferences can be prime targets for sophisticated threat actors.

Drift said, with “medium-high confidence,” that the exploit was carried out by the same actors behind the October 2024 Radiant Capital hack.

In December 2024, Radiant Capital said the exploit was carried out through malware sent via Telegram from a North Korea-aligned hacker posing as an ex-contractor. 

“This ZIP file, when shared for feedback among other developers, ultimately delivered malware that facilitated the subsequent intrusion,” Radiant Capital said.

Drift said it is “important to note” that the individuals who appeared in person “were not North Korean nationals.”

Related: Naoris launches post-quantum blockchain as quantum security risks gain attention

“DPRK threat actors operating at this level are known to deploy third-party intermediaries to conduct face-to-face relationship-building,” Drift said.

Drift said that it is working with law enforcement and others in the crypto industry to “build a complete picture of what happened during the April 1st attack.”

Magazine: Bitcoin 85% crashes ‘done,’ CLARITY Act speculation mounts: Hodler’s Digest, Mar. 29 – April 4

Source: CoinTelegraph


Outros artigos publicados recentemente

Stablecoin market cap has shrunk by $10 billion since May, but analyst sees no reason to panic
Stablecoin market cap has shrunk by $10 billion since May, but analyst sees no reason to panic

Crypto Market Analysis

The market shrank by $7.7 billion in June alone, the largest dollar amount since May 2022's Terra-Lu...

Pakistan crypto chief seeks dialogue after scholar rules against crypto payments
Pakistan crypto chief seeks dialogue after scholar rules against crypto payments

Crypto Market Analysis

Pakistan’s virtual-assets regulator called for continued dialogue on the treatment of digital asse...

Ripple once weighed shutting down and handing XRP to shareholders, CEO says
Ripple once weighed shutting down and handing XRP to shareholders, CEO says

Crypto Market Analysis

Ripple's Brad Garlinghouse says he and co-founder Chris Larsen considered winding the company down a...

Bitcoin, ether little changed as U.S. launches fresh Iran strikes
Bitcoin, ether little changed as U.S. launches fresh Iran strikes

Bitcoin

The U.S. hit Iran for the third time this week and Tehran has reportedly closed the Strait of Hormuz...

Bitcoin is nearing a power law support line Fidelity has tracked since 2015
Bitcoin is nearing a power law support line Fidelity has tracked since 2015

Bitcoin

The group's Dir. of Global Macro Jurien Timmer calls it an accumulation zone but notes the lack of a...

Cambridge study puts Ethereum near the lower end of PoS energy intensity
Cambridge study puts Ethereum near the lower end of PoS energy intensity

Ethereum

Cambridge estimated that Ethereum consumes 7.87 GWh annually and has the second-lowest market-value-...