North Korean Hackers Behind $280 Million Drift Protocol Heist

A recent cyberattack on Drift Protocol has shed light on the growing sophistication of cryptocurrency hacking operations. The platform, which offers decentralized derivatives trading services, was compromised in a six-month intelligence operation carried out by North Korean hackers.

The attackers, known as UNC4736 or AppleJeus, gained access to Drift's ecosystem by posing as a quantitative trading firm and investing over $1 million in an Ecosystem Vault. They built trust with the team members, who were approached at industry conferences, and eventually compromised their devices using malicious software.

The final stage of the attack involved the use of pre-signed transactions to steal $280 million from Drift's vaults. The attackers created a fake token, CarbonVote, which was tricked into being considered real collateral by the platform's oracles. The stolen funds were then transferred to Ethereum.