## North Korean Hackers Infiltrated Drift Protocol for Six Months Before $285 Million Exploit
The $285 million exploit of the Solana-based DeFi platform Drift Protocol was not a smash-and-grab operation but the culmination of a sophisticated, six-month infiltration campaign by North Korean state-linked hackers. According to the protocol's own investigation, the attackers meticulously posed as legitimate traders, building credibility and trust within the community before executing the massive theft.

The hackers, identified as part of the notorious North Korean Lazarus Group, went to extraordinary lengths to embed themselves. They allegedly engaged with Drift Protocol contributors in person, a rare and high-touch tactic in the typically anonymous crypto space, to deepen their cover. This prolonged social engineering operation allowed them to study the platform's defenses and identify a critical vulnerability, which they ultimately exploited to drain funds.

This incident signals a dangerous escalation in the tactics of North Korea's cyber warfare units, moving beyond technical exploits to include long-term, human-centric intelligence gathering within target communities. The Lazarus Group's success in extracting a quarter-billion dollars from a single platform underscores the severe and persistent threat state-sponsored actors pose to the entire DeFi ecosystem, raising pressure on protocols to enhance both technical and social operational security.

---
- **Source**: Decrypt
- **Sector**: The Network
- **Tags**: cyber warfare, DeFi exploit, social engineering, crypto security, state-sponsored hacking
- **Credibility**: unverified
- **Published**: 2026-04-06 10:56:56
- **ID**: 51310
- **URL**: https://whisperx.ai/en/intel/51310