Cyber Web Spider Blog – News

Drift Faces $285M Loss in Social Engineering Heist

Posted on April 3, 2026 By CWS

Solana-based decentralized exchange Drift has reported a significant security breach resulting in a loss of approximately $285 million. The incident, which occurred on April 1, 2026, involved unauthorized access gained through sophisticated social engineering techniques.

Details of the Security Breach

Drift disclosed that the attack was executed through a novel method using durable nonces, which allowed the perpetrators to quickly assume control over Drift’s Security Council administrative functions. The breach was not due to vulnerabilities in Drift’s software or smart contracts but stemmed from unauthorized transaction approvals, potentially facilitated by advanced social engineering strategies.

The attackers managed to secure enough multi-signature approvals to perform a malicious administrative transfer, thereby bypassing preset withdrawal limits and seizing control over protocol-level permissions. This enabled them to introduce a fictitious asset and manipulate existing funds.
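On Solana, a transaction that uses a durable nonce begins with a System Program AdvanceNonceAccount instruction and does not expire with its recent blockhash, so a signature collected from a multisig member stays usable until the nonce is advanced. The following pre-signing check is an added example, not code from Drift or from the cited reports; it parses a legacy transaction message and reports the nonce account if one is used. The function names and the sample messages are constructed for illustration.

```python
import struct

SYSTEM_PROGRAM = bytes(32)                   # System Program id is 32 zero bytes
ADVANCE_NONCE_ACCOUNT = struct.pack("<I", 4) # SystemInstruction enum index, u32 LE

def compact_u16(buf, off):
    """Decode Solana's compact-u16 length prefix (7 bits per byte, low bits first)."""
    val = shift = 0
    while True:
        b, off = buf[off], off + 1
        val |= (b & 0x7F) << shift
        if not b & 0x80:
            return val, off
        shift += 7

def parse_instructions(msg):
    """Return [(program_id, account_keys, data), ...] for a legacy message."""
    if msg[0] & 0x80:
        raise ValueError("versioned message: resolve address lookup tables first")
    n, off = compact_u16(msg, 3)             # skip the 3-byte message header
    keys = [msg[off + 32 * i: off + 32 * (i + 1)] for i in range(n)]
    off += 32 * n + 32                       # keys, then recent blockhash / nonce value
    n_ix, off = compact_u16(msg, off)
    out = []
    for _ in range(n_ix):
        prog = keys[msg[off]]
        n_acc, off = compact_u16(msg, off + 1)
        accs = [keys[i] for i in msg[off:off + n_acc]]
        n_data, off = compact_u16(msg, off + n_acc)
        out.append((prog, accs, msg[off:off + n_data]))
        off += n_data
    return out

def durable_nonce_account(msg):
    """Return the nonce account key if msg never expires (durable nonce), else None."""
    for prog, accs, data in parse_instructions(msg)[:1]:  # only the first instruction counts
        if prog == SYSTEM_PROGRAM and accs and data[:4] == ADVANCE_NONCE_ACCOUNT:
            return accs[0]
    return None

def sample_message(ix_data):
    """Constructed message: keys = payer, nonce account, System Program; account list shortened."""
    keys = b"\x01" * 32 + b"\x02" * 32 + SYSTEM_PROGRAM
    ix = bytes([2, 2, 1, 0, len(ix_data)]) + ix_data      # program idx 2, accounts [1, 0]
    return bytes([1, 0, 1, 3]) + keys + b"\x09" * 32 + bytes([1]) + ix

DURABLE = sample_message(ADVANCE_NONCE_ACCOUNT)           # constructed: nonce advance first
ORDINARY = sample_message(struct.pack("<IQ", 2, 1000))    # constructed: plain Transfer
```

A signing tool can call `durable_nonce_account` on the message bytes it is about to sign and require an out-of-band confirmation whenever the result is not `None`.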

Investigations and Attributions

Drift is actively collaborating with security firms, exchanges, and law enforcement to trace and freeze the stolen assets. Meanwhile, Elliptic and TRM Labs have released reports suggesting North Korean involvement in the heist. They observed patterns consistent with previous North Korean hacks, including the use of Tornado Cash, cross-chain bridging, and rapid laundering techniques.

TRM Labs highlighted that the attackers devised a fake asset, the CarbonVote Token, and manipulated its perceived value by seeding liquidity and engaging in wash trading. This coincided with the deployment of the token at a specific time in Pyongyang.

Wider Implications and Response

This incident marks what could be the eighteenth North Korean-linked crypto theft this year, with over $300 million already stolen. Elliptic notes that these acts are part of a broader campaign purportedly funding North Korea’s weapons programs, with historical thefts exceeding $6.5 billion.

The North Korean strategy often involves social engineering, exploiting personas to target individuals in the crypto and Web3 sectors. This is part of ongoing campaigns like DangerousPassword and Contagious Interview, which have netted millions in recent months.

In parallel, the Axios npm package supply chain was compromised in an attack attributed to the North Korean group UNC1069. This group is associated with several other notorious hacking entities and is thought to be state-sponsored, focusing on generating revenue for North Korea.

As these attacks grow in sophistication, the threat extends beyond exchanges, posing risks to developers and anyone involved in crypto infrastructure. The use of AI to enhance these social engineering tactics makes it imperative for the industry to bolster defenses.

Category: The Hacker News
Tags: blockchain security, Cryptocurrency, Cybercrime, decentralized exchange, Drift, Hack, nonce attack, North Korea, social engineering, Solana
