Drift Protocol stated on X that preliminary investigations indicate the attack on April 1, 2026, was orchestrated by the North Korean government-backed hacking group UNC4736. Since autumn 2025, the group engaged with Drift contributors for six months by participating in crypto conferences and establishing fake quantitative trading firms,诱导 downloading malicious code libraries or applications. Drift has since frozen protocol functions and removed the compromised wallets. Mandiant has been invited to assist in the investigation, confirming that the on-chain fund flows can be traced back to the attackers of the Radiant Capital exploit in October 2024.
Drift Protocol Confirms April 1 Attack Orchestrated by North Korean Hackers
AiCoinShare
Summary
Drift Protocol has confirmed that the April 1 attack was carried out by UNC4736, a North Korean hacking group. The attackers engaged with Drift contributors for six months, using fake firms and crypto events to distribute malicious code. A protocol update has been released, with compromised wallets removed and affected functions frozen. On-chain analysis shows the stolen funds were traced to the 2024 Radiant Capital attackers. Mandiant is assisting with the investigation.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.