Crypto Project Details Alleged 6-Month North Korean Intel Op Behind $285 Million Hack



Over the weekend, the team behind Drift, a crypto protocol for perpetual futures trading on Solana, provided an update on a hack of the project that occurred on April 1. The report points to a six-month intelligence operation run by a criminal hacking group connected to the North Korean regime as the source of the attack. However, some observers are also pointing fingers at the Drift team, citing incompetence or worse.

The hack pulled roughly $285 million out of Drift’s storage pools, which held stablecoins like USDC, along with JLP, SOL, and other crypto assets. Two blockchain tracking firms, TRM Labs and Elliptic, pieced together the full sequence.

It began in mid-March 2026. The attackers first moved money through a mixing service called Tornado Cash to hide their tracks and set up special accounts that let them prepare certain transactions in advance. On March 27, Drift’s security team switched to a new approval system that needed only two out of five key holders to sign off on major changes and removed any built-in waiting period that might have triggered an alert. The hackers then created 750 million brand-new fake tokens called CarbonVote Token, or CVT. They manipulated trading activity so Drift’s price-checking tools treated these worthless tokens as legitimate, high-value collateral that could back huge withdrawals.

On April 1, they fired off the pre-prepared transactions. This let them add the fake token to the platform, raise borrowing limits, dump hundreds of millions of the phony tokens into the system, and drain real assets through 31 fast withdrawals. The entire process took around 12 minutes. They quickly swapped the stolen funds into USDC on a Solana exchange and moved everything over to the Ethereum network to cover their tracks.
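To make the role of the approval threshold and the missing waiting period concrete, here is a small model that is an added illustration, not code from Drift or from the firms cited. It replays a constructed version of the reported timeline under two hypothetical policies; the `Policy` fields, the equal withdrawal amounts, and the hardened values (three signatures, a 24-hour delay, a $20 million hourly outflow cap) are all assumptions.

```python
from dataclasses import dataclass

# Constructed timeline modelled on the article: 31 withdrawals over about
# 12 minutes totalling roughly $285 million (equal amounts are an assumption).
WITHDRAWALS = [(i * 24, 285_000_000 // 31) for i in range(31)]  # (seconds, USD)

@dataclass
class Policy:
    threshold: int            # signatures required for a privileged change
    delay_s: int              # waiting period between approval and execution
    max_outflow_usd: int = 0  # outflow cap per rolling window, 0 disables it
    window_s: int = 3600      # rolling window length in seconds

def simulate(policy, signatures=2):
    """Replay the constructed timeline under a hypothetical policy.

    notice_s is how long the queued changes are visible to monitoring
    before they take effect; paid/usd count withdrawals that go through.
    """
    result = {"accepted": False, "notice_s": 0, "paid": 0, "usd": 0, "halted": False}
    if signatures < policy.threshold:
        return result                      # privileged change never executes
    result["accepted"] = True
    result["notice_s"] = policy.delay_s
    window = []                            # (time, amount) still inside the window
    for offset, amount in WITHDRAWALS:
        t = policy.delay_s + offset        # draining can only start after the delay
        window = [(ts, a) for ts, a in window if t - ts < policy.window_s]
        if policy.max_outflow_usd and sum(a for _, a in window) + amount > policy.max_outflow_usd:
            result["halted"] = True        # breaker latches; later requests are refused
            break
        window.append((t, amount))
        result["paid"] += 1
        result["usd"] += amount
    return result

# The configuration the article describes: 2 signatures, no waiting period.
AS_REPORTED = Policy(threshold=2, delay_s=0)
# Illustrative hardened values (assumptions, not a recommendation from the page).
HARDENED = Policy(threshold=3, delay_s=86_400, max_outflow_usd=20_000_000)

if __name__ == "__main__":
    print("as reported:", simulate(AS_REPORTED))
    print("hardened, 2 keys compromised:", simulate(HARDENED))
    print("hardened, 3 keys compromised:", simulate(HARDENED, signatures=3))
```

Under the reported settings, nothing stands between two signatures and the full drain. In the hardened model, even a third compromised key still leaves a day of visible queue time and a capped outflow.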

Notably, this approach echoes a recent exploit on the Resolv protocol and its USR stablecoin. There, an attacker gained control of a privileged AWS signing key, minted nearly 80 million new USR tokens against only a few hundred thousand dollars in actual collateral, and cashed out about $25 million. Both cases hinged on private key access rather than a pure code vulnerability, combined with the ability to issue or collateralize assets far beyond normal limits.

TRM Labs and Elliptic flagged the North Korean connection within days of the April 1 incident. Indicators included on-chain staging that aligned with Pyongyang local time and behavioral patterns matching prior DPRK-linked activity.

Drift’s public update on X provided more details on how the operation allegedly unfolded over six months. In fall 2025, individuals posing as representatives of a quantitative trading firm approached Drift contributors at a major crypto conference. They continued the contact in person at events in multiple countries, established a Telegram group, discussed detailed trading strategies and vault integrations, and even onboarded their own Ecosystem Vault with over $1 million in deposits. The conversations and shared resources appeared routine for legitimate counterparties. After the hack, the group scrubbed their Telegram history and any associated software.

Forensics pointed to three potential vectors for the private key compromise involved in the attack: one contributor may have cloned a code repository that exploited a known VSCode or Cursor vulnerability allowing silent arbitrary code execution; a second was persuaded to download a TestFlight app framed as the firm’s wallet product; and a third vector remains under active review by law enforcement. With medium-to-high confidence, the SEAL 911 team attributed the effort to the same North Korean state-affiliated actors behind the October 2024 Radiant Capital hack. Additionally, the in-person individuals involved were not North Korean nationals but third-party intermediaries, a tactic consistent with DPRK tradecraft.

 

In terms of the Drift team’s culpability in the incident, some have questioned why a protocol managing hundreds of millions would allow downloads of unvetted apps like the TestFlight wallet onto hardware tied to multi-signature access. Others highlighted the lack of stricter compartmentalization between development environments and signing keys, arguing that basic operational security should have prevented the breach regardless of the attacker’s sophistication. “The more I sit on this, the more I can’t help but think we’re dealing with a civil negligence issue,” crypto attorney Ariel Givner wrote on X.

At the same time, security researchers have warned that a genuine six-month intelligence campaign of this caliber suggests similar operations could already be underway against other projects. The level of patience and resource investment implies the actors did not limit themselves to a single target.

North Korea has relied on cryptocurrency theft as a consistent funding mechanism for years. Past major incidents include the 2022 Ronin Network drain of more than $600 million and repeated exchange compromises. In 2025 the regime’s hackers set a new annual record by stealing $2.02 billion, according to a Chainalysis report.

The combination of smoke and mirrors, remote collaboration, and high financial stakes in crypto creates conditions where determined, sophisticated groups, including intelligence agencies, can invest months in building trust before striking. And when hundreds of millions or even billions are potentially available, actors will pursue attacks through extensive, exhaustive means. The data also clearly shows that criminal use of crypto is on the rise, as both illicit transfers and physical attacks on known crypto holders hit new all-time highs last year.



Donald Trump Backs ‘Strategic Bitcoin Stockpile’ in Speech to Crypto Faithful


Former president Donald Trump outlined a plan to turbocharge crypto growth and make the US a crypto mining powerhouse in his keynote address to the 2024 Nashville Bitcoin Conference on Saturday.

Trump announced that if elected, he would create a strategic bitcoin reserve in the US. “It will be the policy of my administration to keep 100 percent of all bitcoin the US government currently holds or acquires in the future … as a core of the strategic national bitcoin stockpile,” he said.

Right now, the US government owns more than 210,000 bitcoins that were seized via illegal operations like the online dark market Silk Road and the Ponzi scheme BitConnect. They are worth approximately $14 billion at time of writing.

This move confirmed rumors spread by bitcoin enthusiasts who are hopeful that endorsement of a reserve from Trump could bolster the price of the cryptocurrency.

Trump also announced plans to appoint a bitcoin and crypto advisory council, whose task would be to “design transparent regulatory guidance to the benefit of your industry” in the first 100 days of his next presidency. He said he wanted the US to become the “crypto capital of the world.”

Trump also pledged to create a framework for ensuring the safe expansion of stablecoins, “allowing us to extend the dominance of the USD to other places around the world,” and doubled down on his vow to scrap any effort to create a Central Bank Digital Currency (CBDC) or digital dollar, saying “there will never be a CBDC while I’m president of the United States.”

“I will always defend the right to self-custody,” he told the exultant crowd. What got perhaps the biggest cheer was a day one promise to fire Securities and Exchange Commission chair Gary Gensler.

“The moment I am sworn in, the persecution stops and the weaponization against your industry ends,” he said, name-checking Democratic senator Elizabeth Warren of Massachusetts as the industry’s sworn enemy.

He promised to make regulations friendly to crypto mining operations in the US, so workers wouldn’t have to “move to China.” Trump promised, again, to free Ross Ulbricht, imprisoned for life for his involvement with online underground market Silk Road, where people could buy items like illegal drugs before it was shut down in 2013.

The crowd expected the bitcoin strategic reserve announcement. On July 22, Senator Cynthia Lummis of Wyoming posted “Big things … in store this week” on X, two days before Fox Business reported she would “announce legislation for a strategic bitcoin reserve” at the conference.

Lummis appeared before the crowd just after Trump walked off to announce a “present to President Donald Trump”: the bitcoin reserve bill she’d been drafting.

“This is our Louisiana Purchase moment,” she said, elaborating that the bill would take “the bitcoin President Trump just mentioned and pull it into the reserve—[and] that’s only the beginning.”

“Over five years, the United States will assemble 1 million bitcoin,” she added, “Five percent of the world’s bitcoin, and it will be held for a minimum of 20 years and can be used for one purpose—reduce our debt.”