North Korean Operatives Execute Elaborate In-Person Infiltration, Siphoning $285M from Drift Protocol

A sophisticated months-long operation by North Korean state-sponsored hackers successfully extracted $285 million from Drift, according to findings from a leading security intelligence firm. The attack stands out for its uncommon use of physical infiltration tactics, with operatives reportedly spending extended periods working in-person to establish trust and access before executing the theft. This incident adds to an alarming trend of cryptocurrency-focused attacks originating from the isolated nation. The security research reveals that North Korean-backed hacking groups now represent a staggering 76 percent of all cryptocurrency theft and fraud losses recorded throughout 2026. Since 2017, these state-sponsored operations have accumulated approximately $6 billion in stolen digital assets, funds believed to support the regime’s weapons programs and help circumvent international sanctions. The Drift heist demonstrates an evolution in North Korean cyber tactics, moving beyond purely remote attacks to incorporate social engineering and physical presence. This hybrid approach significantly increases the difficulty of detection and prevention, as traditional cybersecurity measures may not account for insider threats established through patient, long-term relationship building. The scale of North Korean involvement in cryptocurrency crime underscores the ongoing challenge facing the digital asset industry in protecting user funds. Going forward, exchanges and protocols will need to enhance both digital security protocols and personnel vetting procedures to defend against these increasingly sophisticated multi-vector attacks.

Source: CoinDesk | This article has been independently rewritten by Block Digest. Original reporting credit to the source.

Disclaimer: This content is for informational purposes only and does not constitute financial advice. Always conduct your own research before making investment decisions.