Drift Protocol Attributes April 1 Attack to North Korea-Backed Hacker Group UNC4736

TechFlow
AI summary
Drift Protocol has linked the April 1 Sybil attack to UNC4736, a North Korea-backed group also known as AppleJeus or Citrine Sleet. The attackers used fake companies and in-person meetings at crypto events to build trust over six months, then deployed malicious code to execute a reentrancy attack. Drift has paused protocol functions and removed affected wallets from multisig control. Mandiant’s investigation confirmed the attack is connected to the October 2024 Radiant Capital breach.

Drift Protocol posted on X that preliminary investigations into the April 1, 2026, attack indicate the operation was orchestrated by UNC4736, a North Korean state-sponsored hacking group also known as AppleJeus or Citrine Sleet. Since fall 2025, the group engaged in six months of in-person interactions with Drift contributors by sending intermediaries to crypto conferences and establishing fake quantitative trading firms, ultimately tricking them into downloading malicious code libraries or applications. Drift has since frozen all protocol functions and removed compromised wallets from the multisignature setup. Mandiant has been invited to conduct an in-depth forensic investigation. The investigation confirmed that on-chain funds used to test the operation can be traced back to the attackers behind the October 2024 Radiant Capital breach.
