Drift: The April 1st attack was orchestrated by UNC4736, a hacking group supported by the North Korean government.

DeepFlowTech · 2026-04-05T02:40:14+00:00

Drift Protocol confirmed on the X platform that the attack event on April 1, 2026, is related to the North Korea-backed hacker group UNC4736, which lured contributors to download malicious software through a middleman. Drift has frozen protocol functions and invited Mandiant to conduct an investigation.

DeepFlowTech

2026-04-05 02:40:14

Abstract generation in progress

Deep Tides TechFlow message, April 05, Drift Protocol posted on the X platform stating that its preliminary investigation into the April 1, 2026 attack incident shows that the action was planned by the hacker organization UNC4736 (also known as AppleJeus or Citrine Sleet), which is supported by the North Korean government. Since the fall of 2025, the organization has conducted in-person interactions with Drift contributors for more than six months and induced them to download malicious code repositories or applications, by sending intermediaries to attend crypto conferences, establishing fake quantitative trading companies, and other methods.

At present, Drift has frozen all protocol functions and has removed the affected wallets from multi-signature custody. Mandiant has been invited to participate in a deep forensics investigation. The investigation confirmed that the on-chain funds used to test the action could be traced back to the Radiant Capital attacker from October 2024.

DRIFT32,75%

RDNT-1,49%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.