Drift Protocol is a decentralized derivatives trading platform. It has connected the last $280 million hack to a complex six-month intelligence operation by North Korean hackers who disguised themselves as a quantitative trading firm.
The culprits known as UNC4736 or AppleJeus commenced the penetration of the Protocol in the fall of 2025. They met at the conferences of the industry and made relationships with the contributors. They invested more than $1 million of their own money in an Ecosystem Vault, gained trust, and finally, via malicious software and VSCode/Cursor vulnerability, they compromised the devices.
Also Read: Charles Schwab Move Sparks Institutional Crypto Adoption Surge
On April 1 2026, the criminals used pre-signed transactions to steal $280 million from the vaults of Drift Protocol. They created a fake token, CarbonVote, and tricked the oracles of Drift into considering it as real collateral through their exploitation. After that, the attackers transferred the stolen money to Ethereum. Blockchain analytics companies, Elliptic and TRM Labs, have linked this hacking to the North Korean government-backed hackers.
Also Read: KuCoin Secures Exclusive Spot in Nigeria’s Crypto Oversight Pilot, Signaling Regulatory Shift
The hacking of Drift Protocol is an illustration of how cyberattacks in the cryptocurrency field are becoming more advanced and dangerous. Since blockchain technology is constantly developing, it is very important for the platforms to focus on security and introduce strong measures to ward off similar situations.
As the crypto landscape evolves, platforms must prioritize security to stay ahead of sophisticated threats. Implementing robust measures, such as multi-layered defenses and regular audits, can help prevent devastating exploits. By learning from incidents like this Protocol hack, the industry can strengthen its foundations and build trust among users. The future of crypto depends on it.
Also Read: Market Manipulation Crackdown: 10 Crypto Fraudsters Busted in Massive Scheme
