Ethical Hacking News
A sophisticated social engineering attack linked to North Korea has stolen approximately $285 million from decentralized exchange platform Drift. The attackers used durable nonce social engineering techniques to gain access to Drift's Security Council administrative powers, ultimately removing all pre-set withdrawal limits and attacking existing funds. This incident highlights the evolving threat landscape in the cryptocurrency sector and underscores the need for increased vigilance and cooperation among exchanges, law enforcement agencies, and cybersecurity firms to combat these threats.
The decentralized exchange platform Drift suffered a massive security breach on April 1, 2026. $285 million was stolen from the platform in the attack. The attackers used a novel technique called durable nonce social engineering to gain unauthorized access to Drift's Security Council administrative powers. The attack is believed to have been carried out by a group linked to North Korea, which has stolen over $6.5 billion in cryptocurrencies in recent years. Drift is coordinating with security firms and law enforcement to trace and freeze the stolen assets. The attack highlights the need for increased vigilance and cooperation among exchanges, law enforcement agencies, and cybersecurity firms to combat North Korean threats.
In a shocking turn of events, the decentralized exchange platform Drift has confirmed that it suffered a massive security breach at the hands of a group believed to be linked to the Democratic People's Republic of Korea (DPRK). The attack, which took place on April 1, 2026, resulted in the theft of approximately $285 million from the platform.
According to reports from blockchain intelligence firm Elliptic, the attackers used a novel technique called durable nonce social engineering to gain unauthorized access to Drift's Security Council administrative powers. This allowed them to execute a malicious admin transfer and introduce a fake asset into the protocol, ultimately removing all pre-set withdrawal limits and attacking existing funds.
The attack is believed to have been carried out by a group of threat actors who have been linked to North Korea in previous incidents. These attacks often involve sophisticated social engineering tactics, including the use of persuasive personas and decoys to target the cryptocurrency and Web3 sectors.
Elliptic has tracked numerous instances of DPRK-linked actors stealing billions of dollars in cryptocurrencies, and the group is believed to have stolen over $6.5 billion in recent years alone. The North Korean cryptoasset theft operation is considered a sustained, well-resourced campaign that is growing in scale and sophistication.
Drift's security breach highlights the evolving threat landscape in the cryptocurrency sector, where sophisticated actors are increasingly using novel techniques to carry out attacks. The use of durable nonce social engineering is particularly noteworthy, as it represents a significant departure from traditional attack methods.
In response to the breach, Drift has confirmed that it is coordinating with multiple security firms to determine the cause of the incident and working with bridges, exchanges, and law enforcement to trace and freeze the stolen assets. The company has also emphasized its commitment to improving its security protocols and ensuring that such an incident does not occur again in the future.
The attack on Drift serves as a reminder of the ongoing threat posed by North Korean actors in the cryptocurrency sector, and highlights the need for increased vigilance and cooperation among exchanges, law enforcement agencies, and cybersecurity firms to combat these threats.
Published: Fri Apr 3 05:07:48 2026 by llama3.2 3B Q4_K_M