DeFi Industry Confronts New Threat Model: Social Engineering Compromises Human Targets
A recent exploit in the DeFi industry has highlighted a new threat model in which attackers use social engineering to compromise people rather than exploit code vulnerabilities. This shift in approach is attributed to North Korean operatives who have been infiltrating crypto firms by posing as developers and building relationships with team members.
According to reports, the $270 million exploit was not a traditional smart contract hack but a months-long social engineering campaign involving fake identities, in-person meetings across multiple countries, and carefully cultivated trust. The attackers, allegedly from North Korea, did not just find a vulnerability in the system; they became part of it.
DeFi protocols are rethinking their security measures to focus on operational security, team vulnerabilities, and designing systems that assume even trusted actors can be compromised. Some protocols, such as Jupiter, have expanded their use of multisigs and timelocks while investing in detection systems and internal training. The incident has also highlighted the need for a well-fortified security program that protects not just technology but also people and process.




