DRIFT hack traced to Lazarus: North Korea-linked infiltration

The DRIFT hack is linked to North Korea-affiliated attackers tied to the Lazarus Group, with allegations that fake identities were used to infiltrate crypto and DeFi teams over years. MetaMask developer Taylor Monahan said North Korea-linked IT workers have targeted crypto and DeFi firms for at least seven years, affecting 40+ DeFi platforms. The Lazarus Group’s past major thefts cited in the report include the Ronin Bridge hack ($625M, 2022), the WazirX breach ($235M, 2024), and the Bybit heist ($1.4B, 2025). The latest DRIFT Protocol disclosure frames the $280M incident as the result of months of preparation. A key allegation is that team members were individually approached and hired via North Korea-linked intermediaries during conferences. One cited case (from Titan Exchange founder Tim Ahhl) describes a candidate who looked qualified on video calls but refused an in-person meeting—flagged as suspicious. Analysts at ZachXBT warn the same risk persists through job postings and interview processes, and that hiring partners may show negligence if they proceed despite red flags. Trading context: DRIFT is reported around $0.0669 in a downtrend, with weak momentum (RSI near oversold) and a bearish short-term setup near key support. For DRIFT traders, the DRIFT hack narrative increases perceived counterparty and DeFi security risk, which can pressure liquidity and sentiment in the short term until more incident details are confirmed.