North Korean Hackers Exposed in Drift Protocol Heist

A recent investigation has revealed that the $280 million hack of Drift Protocol, a decentralized derivatives trading platform, was the result of a sophisticated six-month intelligence operation by North Korean hackers.

The attackers, known as UNC4736 or AppleJeus, pretended to be a quantitative trading firm and invested over $1 million in an Ecosystem Vault to gain trust with the contributors. They eventually exploited vulnerabilities in the system using malicious software and the VSCode/Cursor vulnerability.

On April 1, 2026, the hackers used pre-signed transactions to steal the funds from the vaults of Drift Protocol, creating a fake token called CarbonVote that tricked the oracles into considering it as real collateral. The stolen money was then transferred to Ethereum.

The investigation highlights the increasing sophistication and danger of cyberattacks in the cryptocurrency field. As blockchain technology continues to evolve, platforms must prioritize security and implement robust measures to prevent similar incidents. By learning from this incident, the industry can strengthen its foundations and build trust among users, ultimately ensuring the future of crypto.