Driftl: April 1st Attack Was a Long-Term Infiltration Operation Planned by North Korean Hacker Group

Odaily News Drift Protocol posted on platform X stating that preliminary investigations into the April 1, 2026 attack indicate the operation was orchestrated by the North Korean government-backed hacker group UNC4736 (also known as AppleJeus or Citrine Sleet). Since the fall of 2025, the group has engaged in face-to-face interactions with Drift contributors over six months by sending intermediaries to crypto conferences and establishing fake quantitative trading firms, luring them into downloading malicious code repositories or applications. Drift has currently frozen all protocol functions and removed the compromised wallet from the multi-signature setup. Mandiant has been invited to participate in an in-depth forensic investigation. The investigation confirms that the on-chain funds used to test the operation can be traced back to the Radiant Capital attacker from October 2024.