Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
North Korean Hackers Exploit Drift in 5 Million Crypto Heist

North Korean Hackers Exploit Drift in $285 Million Crypto Heist

Posted on April 5, 2026 By CWS

Drift, a decentralized exchange operating on Solana, has confirmed that the attack resulting in a $285 million loss on April 1, 2026, was the outcome of an elaborate social engineering strategy by North Korean hackers. The operation, which started in late 2025, was attributed with medium confidence to a hacking group known as UNC4736, also identified by names like AppleJeus and Golden Chollima.

Background of the Attack

The North Korean group involved has a history of targeting cryptocurrency platforms for financial gain, dating back to 2018. Notable past incidents include the 2023 X_TRADER/3CX supply chain breach and a $53 million hack of Radiant Capital in 2024. Drift’s analysis indicates that both on-chain activities and operational behaviors link these attacks to the same threat actors.

According to a report by cybersecurity firm CrowdStrike, Golden Chollima is an offshoot of the Labyrinth Chollima group. It primarily focuses on cryptocurrency theft, targeting fintech firms across the U.S., Canada, South Korea, India, and Europe. Despite improving trade relations with Russia, North Korea continues to seek additional revenue to support its military ambitions.

Details of the Drift Breach

Drift, in collaboration with law enforcement, is investigating the attack that involved a sophisticated social engineering scheme. Beginning in fall 2025, individuals posing as representatives of a quantitative trading company engaged with Drift contributors at various cryptocurrency conferences. These interactions were part of a strategy to build rapport and integrate into the Drift ecosystem.

The attackers, though not North Korean nationals themselves, were technically adept and familiar with Drift’s operations. They established a Telegram group for ongoing discussions, which included sharing trading strategies and tools. In late 2025, they onboarded an Ecosystem Vault on Drift, a move that required strategic engagement with Drift contributors.

Investigation and Future Implications

The investigation has suggested two potential attack vectors. One involved a contributor cloning a malicious code repository, while another was persuaded to test a wallet product via Apple’s TestFlight. These techniques are consistent with methods used by North Korean hackers since December 2025, prompting software updates to counter such threats.

Drift’s findings indicate that the attackers constructed detailed identities to gain trust, further complicating attribution efforts. Meanwhile, North Korea’s malware ecosystem has become increasingly fragmented and compartmentalized, making it resilient against detection and attribution.

As the investigation continues, the broader implications for cybersecurity in the cryptocurrency sector are clear. Organizations must remain vigilant against advanced social engineering tactics and strengthen their defenses to protect against such sophisticated threats.

The Hacker News Tags:crypto theft, Cryptocurrency, Cybersecurity, DeFi, DPRK, Drift, Hacking, Malware, North Korea, social engineering

Post navigation

Previous Post: Fortinet Addresses Critical FortiClient EMS Vulnerability
Next Post: TrueConf Vulnerability Added to CISA’s KEV List

Related Posts

SprySOCKS Backdoor Expands to Windows with New Variants SprySOCKS Backdoor Expands to Windows with New Variants The Hacker News
Malicious Telnyx Versions on PyPI: Audio Steganography Attack Malicious Telnyx Versions on PyPI: Audio Steganography Attack The Hacker News
Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems The Hacker News
Agentic AI Revolutionizes Security Validation Agentic AI Revolutionizes Security Validation The Hacker News
China-Linked Cyber Attacks Target Asian Nations and Journalists China-Linked Cyber Attacks Target Asian Nations and Journalists The Hacker News
Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Security Model Redeployment and Major Vulnerabilities
  • Flipper Zero Enhances Firmware Development Strategy
  • T3MP3ST Framework Transforms AI Into Security Pioneers
  • Microsoft Enhances Windows 11 OOBE with New Update
  • Government Pays $1M to Prevent Data Leak by Kairos Group

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Security Model Redeployment and Major Vulnerabilities
  • Flipper Zero Enhances Firmware Development Strategy
  • T3MP3ST Framework Transforms AI Into Security Pioneers
  • Microsoft Enhances Windows 11 OOBE with New Update
  • Government Pays $1M to Prevent Data Leak by Kairos Group

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark