The Biggest DeFi Exploit Of The Year Might Have Started Over ‘Complimentary Drinks’: Report

Preliminary investigations suggest connections to the North Korea-associated group called AppleJeus.

  • Coin Bureau CEO Nic Puckrin reported that a $280 million exploit of Drift Protocol began at a crypto networking event, indicating a shift in the types of major crypto hacks.
  • Drift Protocol, a decentralized derivatives trading platform, detailed the incident in a preliminary report, noting that the exploit unfolded over about six months.
  • Charles Guillemet, CTO at Ledger, described the hack as a “highly sophisticated” campaign.

Coin Bureau CEO Nic Puckrin said on Sunday that the $280 million exploit of Drift Protocol (DRIFT) began at a crypto networking event, over “complimentary drinks,” pointing to a shift in how major crypto hacks are carried out. 

Puckrin wrote that the attack was the result of a months-long social engineering effort, where attackers attended industry conferences, met contributors in person multiple times, deposited their own capital to build trust, and shared seemingly legitimate code before executing the exploit.

Nic Buterin on Drift Protocol. Source: @nicrypto/x

Drift Protocol, a decentralized derivatives trading platform, released a preliminary incident report on Saturday detailing how the attack on Tuesday last week resulted in losses of roughly $280 million after the hackers gained unauthorized access to protocol-controlled funds. The firm explained that the attackers posed as a quantitative trading firm seeking integration and gradually built relationships with contributors through repeated in-person meetings and working sessions across multiple countries.

According to the firm, to build credibility, the group allegedly deposited more than $1 million of its own capital and shared tools that appeared consistent with standard development practices. These interactions later became the likely entry point for the exploit, with Drift Protocol identifying malicious software and compromised devices as key vectors.

Charles Guillemet, the Chief Technology Officer at Ledger, also commented on the attack, saying that the hack appeared to be a “highly sophisticated” campaign. 


Ledger CTO on the exploit. Source: @P3b7_/x

DRIFT’s price was up over 10% in the last 24 hours. On Stocktwits, retail sentiment around DRIFT moved to ‘bullish’ from ‘extremely bullish’ over the past day, while chatter remained ‘extremely high’.

Attack Linked To North Korea-Associated Group

Drift noted that while investigations were still ongoing, the preliminary findings suggested the operation may be connected to the same group behind the Radiant Capital hack of October 2024, which led to a $50 million loss in crypto, according to sources.

The firm cited investigations that indicated overlaps in both on-chain fund flows and operational behavior. The Radiant Capital hack was attributed to a North Korea-linked group identified as UNC4736, “also tracked as AppleJeus or Citrine Sleet.”

Mantle’s price (MNT) traded down by over 2% over the past 24 hours, reflecting broader weakness across decentralized finance (DeFi)-linked assets following the incident. On Stocktwits, retail sentiment around MNT remained in the ‘neutral’ zone, while chatter levels remained ‘extremely low’ over the past day.
