ALL POSTS

Key Findings North Korean state-sponsored hacking group UNC4736 orchestrated a six-month social engineering campaign against Drift, culminating in the theft of $285 million on April 1, 2026 The operation began in fall 2025 with actors posing as a quantitative trading firm, using in-person meetings at cryptocurrency conferences across multiple countries to build trust with Drift contributors UNC4736 is also tracked as AppleJeus, Citrine Sleet, Golden Chollima, and Gleaming Pis

Key Findings Drift Protocol lost $285 million in a sophisticated attack attributed to North Korean-linked hackers on April 1, 2026 Attackers used durable nonce accounts to pre-sign transactions and compromised multisig approvals to gain admin control The operation involved multi-week preparation with staged execution across multiple phases Stolen funds were rapidly drained from multiple vaults within seconds and laundered across wallets This marks the 18th confirmed North Kor