The New Attack Playbook: Patient, Methodical, Devastating

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident on April 1, 2026. Drift revealed that the attack was the culmination of a months-long, targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea (DPRK) that began in the fall of 2025. The operation is attributed with medium confidence to a North Korean state-sponsored hacking group dubbed UNC4736.

The threat actor has a history of targeting the cryptocurrency sector for financial theft since at least 2018, and is best known for the X_TRADER/3CX supply chain breach in 2023 and the $53 million hack of decentralized finance (DeFi) platform Radiant Capital in October 2024.

My Take: This attack pattern—six months of reconnaissance, social engineering, patience—is characteristic of a new era of breach sophistication. Rather than smash-and-grab ransomware, state actors are using methodical human engineering. The fact that a crypto exchange couldn't defend against this despite having presumably smart engineers points to a fundamental problem: defenders must be right every time; attackers only need to be right once. This is likely a preview of what enterprise security will face as AI assists both offense and defense.
