Drift concludes North Korea behind $270M hack

April 05, 2026, 10:52 PM
Drift has concluded that a recent $270 million hack was the work of a North Korean organization, according to a report the protocol released on its official X account on April 5. Drift stated that UNC4736, a unit under North Korea's Reconnaissance General Bureau, began posing as a quantitative trading firm last fall to approach the protocol. The organization engaged in deceptive tactics, including meeting with the team at conferences and depositing $1 million to build trust. After operating as a legitimate partner within the ecosystem for six months, the hackers exploited vulnerabilities in certain tools to infect the devices of Drift contributors and seize multi-signature approval authority. They then executed a Durable Nonce attack, stealing the funds in just one minute. Drift added that the individuals its team met in person were not North Korean nationals but proxies using fabricated identities. The protocol warned that the current security model for DeFi protocols, which relies on trust in human relationships, is highly vulnerable to deliberate and patient attacks.
