North Korea DRIFT Hack: 285M$ Heist Details
Contents
North Korean state-sponsored hackers are taking the stage in the cryptocurrency sector with in-person social engineering tactics and sharpening their operations. According to the report from security intelligence firm TRMLabs, DPRK and Lazarus groups accounted for 76% of all crypto scams and hack losses in 2026. These attackers have stolen assets exceeding 6 billion dollars since 2017.
285 Million Dollar Heist in DRIFT Protocol
The 285 million dollar heist targeting Drift Protocol was exemplified by months of real-life meetings; North Korean proxies sat at the table with protocol employees to gain trust. TRMLabs Policies and Government Relations Global Director Ari Redbord described it as “beyond remote keyboard operations.” This evolution shows that hackers can bypass basic securities like multisig and timelock by manipulating the human factor.
TRMLabs Report: 76% of 2026 Crypto Losses from DPRK
The report emphasizes the attackers' speed and precision; 76% of this year's losses, or approximately 600 million dollars, belong to these groups. Warnings from financial intelligence firms are pushing protocol developers back to traditional measures and questioning the effectiveness of global sanctions. Check technical data for DRIFT detailed analysis.
Technical Details of the Attack and Fund Flows
In the DRIFT case, hackers converted stolen funds to USDC and bridged to Ethereum, then converted to ETH and left them idle – consistent with DPRK's years-long cash-out model. KelpDAO's 292 million dollar breach drew a different scenario; attackers rushed to launder funds through THORChain (RUNE) and Umbra, following Chinese intermediaries' TraderTraitor tactic. Other cases like Wasabi Protocol erupted with similar key breaches. Large-scale outflows from DeFi platforms occurred after KelpDAO; Aave, Celsius, and similar lending services were affected.
DRIFT Delisted: Upbit and Bithumb Decision
Breaking news: $DRIFT has been removed from Upbit and Bithumb exchanges. This delisting narrowed liquidity post-hack, increasing price pressure. Volatility also rose in the DRIFT futures market. Other affected assets include AAVE and ETH.
Why Did DRIFT Price Drop? Technical Analysis
DRIFT is currently at $0.04 level, 24h change -7.39%. RSI 47.21 (neutral), trend downtrend, Supertrend bearish, EMA 20: $0.0389.
| Support Levels | Price | Score | Distance |
|---|---|---|---|
| S1 | $0.0389 | 54/100 (medium) | -0.69% |
| S2 | $0.0329 | 54/100 (medium) | -16.01% |
| Resistance Levels | Price | Score | Distance |
|---|---|---|---|
| R1 | $0.0402 | 71/100 (strong) | +2.63% |
| R2 | $0.0437 | 68/100 (strong) | +11.56% |
R1 resistance is strong; if broken, recovery is possible. Hack and delisting triggered short-term bearish signals.
Risk Analysis and Lessons for DRIFT Investors
This evolution indicates that North Korea is focusing rather than expanding its crypto attacks; faster and more sophisticated moves make it mandatory for the sector to invest in physical security. Investors should monitor related coins like AAVE detailed analysis. Recommendations: Mandate multisig, provide social engineering training, track money laundering with blockchain analysis tools.