$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation

The Hacker News
Actively Exploited

Overview

In a significant security breach, the decentralized exchange Drift reported that it lost $285 million due to an attack linked to North Korea's government. The breach occurred on April 1, 2026, following a six-month social engineering campaign that began in the fall of 2025. Attackers employed sophisticated tactics to manipulate individuals within the organization, ultimately leading to the theft of a large sum of money. This incident raises concerns about the vulnerabilities within decentralized finance platforms and highlights the potential for state-sponsored cybercriminal activities. Companies operating in the crypto space need to enhance their security measures and employee training to prevent such attacks in the future.

Key Takeaways

  • Active Exploitation: This social engineering campaign is being actively used by attackers against real-world targets. Immediate action is recommended.
  • Affected Systems: Drift decentralized exchange
  • Action Required: Companies should enhance security protocols and employee training against social engineering attacks.
  • Timeline: Ongoing since fall 2025

Original Article Summary

Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea (DPRK) that began in the fall of 2025. The Solana-based decentralized exchange described it as "an attack six months in the

Impact

Drift decentralized exchange

Exploitation Status

This social engineering campaign is confirmed to be actively used by attackers in real-world attacks. Organizations should prioritize the remediation steps below immediately.

Timeline

Ongoing since fall 2025

Remediation

Companies should enhance security protocols and employee training against social engineering attacks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Coverage

IT talent looks the other way as wireless security incidents pile up

Help Net Security

Wireless networks in enterprises are becoming more complex, supporting a variety of devices and applications. However, this has led to a rise in security incidents, as highlighted by the 2026 Cisco State of Wireless report. Organizations are facing increased incident rates and higher costs, yet many are still investing heavily in wireless technology. Despite the growing risks, there seems to be a disconnect as IT professionals are not addressing these security challenges effectively. This situation raises concerns about the potential vulnerabilities within enterprise networks, making it crucial for organizations to reassess their security strategies.

Apr 6, 2026

New FortiClient EMS flaw exploited in attacks, emergency patch released

BleepingComputer

Fortinet has issued an emergency security update for a serious vulnerability found in its FortiClient Enterprise Management Server (EMS). This flaw is currently being exploited in the wild, posing a significant risk to organizations using the software. Users of FortiClient EMS should prioritize applying the patch released over the weekend to protect their systems from potential attacks. The vulnerability affects the management of client devices, which could allow unauthorized access or control if not addressed promptly. The urgency of this update highlights the ongoing challenges companies face in securing their environments against evolving threats.

Apr 5, 2026

BrowserGate: LinkedIn Tracks 6,000+ Browser Extensions on Users’ PCs

Hackread – Cybersecurity News, Data Breaches, AI and More

LinkedIn is facing scrutiny after a report revealed that it tracks over 6,000 browser extensions installed on users' devices. This practice raises serious privacy concerns, as many users may not be aware that their browsing habits could be monitored through these extensions. The BrowserGate report emphasizes that such extensive tracking can lead to potential misuse of personal data. Users of LinkedIn, especially those who rely on various browser extensions for productivity, should be aware of this issue and consider the implications for their privacy. The situation calls for a closer examination of data collection practices by major platforms and how they handle user consent.

Apr 5, 2026

Hackers exploit React2Shell in automated credential theft campaign

BleepingComputer

Hackers are actively exploiting a vulnerability known as React2Shell (CVE-2025-55182) to automate the theft of user credentials from Next.js applications. This attack targets systems that have not been updated or patched against this specific vulnerability, making them susceptible to unauthorized access. Researchers have observed that this campaign is widespread, indicating that many developers using vulnerable versions of Next.js may be at risk. The implications are significant, as stolen credentials can lead to account takeovers and further breaches within organizations. Companies using Next.js should prioritize updating their applications to mitigate this threat and protect user data.

Apr 5, 2026

Axios npm hack used fake Teams error fix to hijack maintainer account

BleepingComputer

The Axios HTTP client development team reported that one of their developers fell victim to a social engineering attack, likely orchestrated by North Korean hackers. The attackers used a fake Teams error message to gain access to the maintainer's account, which allowed them to compromise the project. This incident raises concerns about the security of widely-used open-source software, as it demonstrates how easily social engineering tactics can lead to significant breaches. Users and developers of Axios should be aware of these tactics and implement stronger security measures to protect their accounts and projects. The incident serves as a reminder of the persistent threat posed by state-sponsored hacking groups.

Apr 4, 2026

Qilin ransomware group claims the hack of German political party Die Linke

Security Affairs

The Qilin ransomware group has claimed responsibility for a data breach involving Die Linke, a left-wing political party in Germany. The group announced that they have stolen sensitive data from the party and are threatening to make it public unless their demands are met. While Die Linke has confirmed that the incident occurred, they have stated that there was no breach of their systems. This incident raises concerns about the cybersecurity of political organizations, especially given the sensitive nature of the data involved. The threat of public data leaks can have serious implications for political entities, affecting both their reputation and operational integrity.

Apr 4, 2026