North Korean spies spent months in-person to drain $285M from Drift
5 hours ago
- #DeFi Security
- #Crypto Hacks
- #North Korean Hackers
- North Korean state-backed hackers, particularly DPRK and Lazarus groups, accounted for about 76% of global crypto hack losses in 2026, totaling nearly $600 million, with cumulative thefts exceeding $6 billion since 2017.
- These hackers are described as becoming more precise and faster, employing tactics like months-long, in-person social engineering campaigns, as seen in the $285 million Drift Protocol exploit.
- Major exploits included the $292 million KelpDAO breach, which triggered a major DeFi crisis by causing $13 billion in withdrawals and leaving Aave with a significant bad-debt issue, prompting industry backstop efforts.
- The Drift and KelpDAO exploits differed in how the proceeds were handled: DPRK patiently held the stolen funds after the theft, while Lazarus rapidly laundered proceeds through intermediaries, showing that cash-out patterns vary between operations.
- The report highlights a shift from remote attacks to sophisticated, direct engagements, emphasizing North Korea's evolving crypto hacking strategies and their significant impact on the global crypto ecosystem.