GasCope
Drift Protocol's $285M Lesson: Never Trust a 'Quant Firm' That Shows Up to Conferences

By our DeFi Desk

Drift Protocol has dropped the initial findings on its nearly $285 million April Fools' Day hack—and buckle up, because this isn't your typical smart contract bug story.

Turns out, the attackers weren't some script kiddies running exploit scripts at 3 AM. No, these folks ran a six-month-long infiltration operation straight out of a heist movie. The so-called 'quant trading firm' systematically built trust with the Drift team starting in fall 2025, making face-to-face appearances at crypto conferences worldwide. Telegram chats covered strategy development and product integration. Textbook business partnership—except the whole thing was a Trojan horse.

The dedication was almost impressive. Attackers dropped over $1 million in capital to look legitimate and launched something called an 'Ecosystem Vault.' That's not cheap fake credentials. That's method acting.

The technical side got messy too. One team member cloned a code repository from the attackers for frontend work—and picked up a nasty surprise. Another downloaded what was supposedly a wallet app through TestFlight. VSCode and Cursor vulnerabilities from late 2025 through early 2026 are also on the table. And as if the planning wasn't thorough enough, the attackers deleted all communication records and malware the second the exploit went live. Clean.

Drift's assessment? Medium-to-high confidence this links back to the Radiant Capital 2024 hack—known to be the work of UNC4736, the North Korean-affiliated crew. The in-person meeting folks probably weren't direct DPRK citizens, but let's just say state-sponsored groups have a knack for using third-party intermediaries for the physical stuff.

Post-breach, Drift paused critical functions, removed compromised wallets from the multisig, and got exchanges and bridges to flag the attacker addresses. Mandiant's handling technical analysis, and device forensics are still ongoing.

New findings coming as they surface.

This is not investment advice.

Publisher: gascope.com
Author: DeFi Desk
Updated: Apr 5, 2026, 22:50 UTC
