{"id":25094,"date":"2026-04-05T11:27:38","date_gmt":"2026-04-05T11:27:38","guid":{"rendered":"https:\/\/bitunikey.com\/news\/drift-links-280m-hack-to-radiant-attackers\/"},"modified":"2026-04-05T11:27:44","modified_gmt":"2026-04-05T11:27:44","slug":"drift-links-280m-hack-to-radiant-attackers","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/drift-links-280m-hack-to-radiant-attackers\/","title":{"rendered":"Drift links $280M hack to Radiant attackers"},"content":{"rendered":"<div class=\"post-detail__content blocks\">\n<p><strong>Drift Protocol said the April 1 attack on its platform followed months of planning and social engineering.<\/strong><\/p>\n<div id=\"cn-block-summary-block_3dde3c117235d375d2c9300350f52c94\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Drift said attackers spent six months building trust before using malicious tools to breach contributor devices.<\/li>\n<li>The exchange linked the exploit with medium-high confidence to actors behind Radiant Capital\u2019s October 2024 hack.<\/li>\n<li>Drift said repeated in-person contact at crypto events helped attackers study contributors and gain access.<\/li>\n<\/ul><\/div>\n<\/div>\n<p>The decentralized exchange linked the case to a group that spent time building trust with contributors before sending malicious tools and links. External estimates put the loss at about $280 million.<\/p>\n<p>Drift Protocol <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/DriftProtocol\/status\/2040611161121370409?s=20\">said<\/a> its early review found a long and organized campaign against the platform. 
The team said the attackers showed \u201corganizational backing, resources, and months of deliberate preparation\u201d during the operation.<\/p>\n<p>The exchange said the contact began around October 2025. According to Drift, people posing as members of a quantitative trading firm approached contributors at a major crypto conference and claimed they wanted to integrate with the protocol.<\/p>\n<h2 class=\"wp-block-heading\"><strong>In-person meetings built trust over time<\/strong><\/h2>\n<p>Drift said the group kept meeting contributors at several industry events over the next six months. The team said the people involved were technically skilled, knew how Drift worked, and appeared to have real professional backgrounds.<\/p>\n<p>That steady contact helped the group gain trust. Drift said the attackers later used malicious links and tools shared with contributors to compromise devices, carry out the exploit, and remove traces of their activity after the breach.<\/p>\n<p>In addition, Drift said it has \u201cmedium-high confidence\u201d that the same actors behind the October 2024 Radiant Capital hack carried out this exploit. That earlier attack caused losses of about $58 million and also involved malware used to gain access to internal systems.<\/p>\n<p>Radiant Capital said in December 2024 that a North Korea-aligned hacker posed as a former contractor and sent malware through Telegram. 
Radiant said \u201cthis ZIP file\u201d later spread among developers for feedback and opened the way for the intrusion.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Drift warns conferences can become attack targets<\/strong><\/h2>\n<p>Drift said the people who met contributors in person \u201cwere not North Korean nationals.\u201d At the same time, the team said DPRK-linked threat actors often use third-party intermediaries for face-to-face contact and relationship building.<\/p>\n<p>The exchange said it is now working with law enforcement and other crypto industry participants to build a full record of the April 1 attack.<\/p>\n<p>The case has also added a fresh warning for crypto firms, as conferences and in-person meetings can give threat groups a chance to study teams, build trust, and prepare later attacks.<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Drift Protocol said the April 1 attack on its platform followed months of planning and social engineering.\u00a0 Summary Drift said attackers spent six months building trust before using malicious 
tools&hellip;<\/p>\n","protected":false},"author":1,"featured_media":13174,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-25094","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/25094","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=25094"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/25094\/revisions"}],"predecessor-version":[{"id":25095,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/25094\/revisions\/25095"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/13174"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=25094"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=25094"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=25094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}