North Korean hackers' long game ⏳

DPRK hackers spent six months on a social engineering operation to inveigle their way into Solana DEX Drift Protocol before making off with $285 million.

Author

Stephen Graves
April 06, 2026

Together with:

📝 What you need to know

North Korea’s state-sponsored hacking initiatives are getting bolder—and more sophisticated. Solana DEX Drift Protocol, which was hacked for $285 million last week, has revealed that the perpetrators were likely DPRK hacking group UNC4736, and that they spent some six months posing as a quantitative trading firm to infiltrate Drift’s systems.

The hackers’ campaign encompassed fabricated professional identities, third-party intermediaries recruited for in-person meetings at crypto conferences, and malicious developer tools, before the drain was executed, Drift said. Security experts warned that crypto firms now face adversaries that “operate more like intelligence units than hackers,” and that they are underprepared for the threat.

North Korea shows no signs of slowing down as it adds to its multi-billion-dollar stockpile of stolen crypto, with DPRK hackers making away $300 million in crypto across 18 confirmed hacks in 2026 alone, blockchain intelligence firm Elliptic said.

North Korean Hackers Spent Six Months Infiltrating Drift Before $285M Exploit

Drift Protocol said the attackers posed as traders, met contributors in person, and spent months infiltrating before draining the platform.

From our partner

Unverified data is AI’s biggest risk. Walrus makes training datasets and outputs verifiable, so builders can build on proof, not promises.

📰 In the News

Strategy Resumes Bitcoin Treasury Buys With $330M Purchase

The Bitcoin treasury firm reported that the value of its BTC holdings plummeted by $14.4 billion in the first quarter of 2026.

Tom Lee’s BitMine Nears 4% of Ethereum Supply as ETH Price Hits Weekly High

Publicly traded Ethereum treasury firm BitMine Immersion Technologies added $150 million of ETH last week, boosting its $10.3 billion stash.

IMF Warns Tokenized Finance, Stablecoins Could Amplify Financial Crises

Tokenization moves settlement to machine speed, outpacing the tools regulators use today, the International Monetary Fund said.

📊 Myriad Market of the Day

Bitcoin above $68K on April 9 at 4PM UTC?

Trade "Bitcoin above $68K on April 9 at 4PM UTC?" on Myriad

🥇 Be First to Market With Myriad

Join the Myriad Markets Telegram to see the latest prediction markets the second they drop!

With Myriad, the on-chain prediction market launched by Decrypt’s parent company DASTAN, you can break the news and stake the news, using USDC and points.

🕵🏻‍♀️ Editor’s Picks

China Orders Jack Dorsey's Bitchat Pulled from Apple App Store

The decentralized peer-to-peer messaging app has been used by protestors in countries including Nepal, Madagascar and Iran.

Anthropic Spots 'Emotion Vectors' Inside Claude That Influence AI Behavior

Anthrophic researchers say internal emotion-like signals shape how AI large language models make decisions.

Kalshi Scores Biggest Legal Win Yet in Appeals Court Decision Against New Jersey

A panel of appellate judges ruled that Kalshi's sports wagers should be regulated by the CFTC, not state gambling regulators.

📚 Watch & Learn

📹️ WATCH: Tom Lee on ETH's Price Fall, Investing in Mr. Beast Industries, & How Long Crypto Winter Will Last

🎓️ LEARN: What Is Strategy (MSTR)? The Bitcoin Treasury Company

Software firm Strategy and its co-founder Michael Saylor have become synonymous with Bitcoin. Here’s everything you need to know.

Interested in partnering with Decrypt? Find out more here.