Drift $280M crypto theft linked to 6-month in-person operation

BleepingComputer
Actively Exploited

Overview

The Drift Protocol recently suffered a massive hack, losing over $280 million in cryptocurrency. Investigations revealed that the attackers had been planning this operation for six months, establishing a presence within the Drift ecosystem to facilitate the theft. This sophisticated approach allowed them to bypass security measures and execute their plan effectively. The incident raises significant concerns about the security of decentralized finance platforms, as it shows that even well-established protocols can be vulnerable to prolonged and coordinated attacks. Users and investors should be aware of these risks as they engage with cryptocurrency platforms.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Drift Protocol
  • Action Required: Users are advised to review their security measures and consider using additional protection methods, such as hardware wallets.
  • Timeline: Disclosed on [date]

Original Article Summary

The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "a functioning operational presence inside the Drift ecosystem." [...]

Impact

Drift Protocol

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Disclosed on [date]

Remediation

Users are advised to review their security measures and consider using additional protection methods, such as hardware wallets. The Drift Protocol should enhance its security protocols and conduct a thorough audit of its systems.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Coverage

Hong Kong Police Can Force You to Reveal Your Encryption Keys

Schneier on Security

The Hong Kong police can now compel individuals to disclose encryption keys for their personal devices, including phones and laptops. This change stems from a revision to the enforcement of the National Security Law, announced on March 23, 2026. The U.S. Consulate General issued a security alert regarding this development on March 26, warning that travelers could be affected even while passing through the airport. This legal shift raises significant privacy concerns, as individuals may be forced to provide access to sensitive personal information without any legal protections. It is essential for travelers and residents to be aware of this new requirement and consider the implications for their personal data security.

Apr 7, 2026

AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - Idan Plotnik, Raj Mallempati - ASW #377

SCM feed for Latest

Recent reports have surfaced about a significant code leak from Claude, an AI chatbot developed by Anthropic. The exposed code could potentially allow malicious actors to replicate or manipulate the chatbot's functions, raising concerns over misuse and security vulnerabilities. Additionally, there has been a compromise involving the Axios NPM package, which affected developers using this popular JavaScript library. The incident emphasizes the risks associated with third-party libraries in software development, particularly in open-source environments. As these security issues come to light, developers and organizations must take extra precautions to safeguard their applications and data from potential exploitation.

Apr 7, 2026

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

The Hacker News

A China-linked hacker group tracked as Storm-1175 is exploiting a mix of zero-day and N-day vulnerabilities to launch rapid attacks, specifically deploying Medusa ransomware. These attacks target vulnerable internet-facing systems, allowing the group to infiltrate networks quickly. Their ability to identify exposed assets has led to successful breaches, raising concerns for organizations that may not have adequate defenses in place. As these vulnerabilities are actively exploited, it becomes crucial for companies to strengthen their cybersecurity measures. The situation underscores the need for vigilance and timely patching of known vulnerabilities to prevent ransomware infections.

Apr 7, 2026

Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack

SecurityWeek

Wynn Resorts has reported that around 21,000 employees have been impacted by a cyberattack linked to the ShinyHunters hacking group. The breach reportedly involved sensitive employee data, and there are indications that the company may have paid a ransom to prevent the information from being leaked. This incident raises significant concerns about data security in the hospitality industry, especially as personal information becomes more vulnerable to cybercriminals. The fact that such a large number of employees are affected highlights the scale of the attack and the potential risks associated with inadequate cybersecurity measures. As companies like Wynn Resorts face increasing threats from hackers, it becomes critical for them to enhance their security protocols to protect sensitive information.

Apr 7, 2026

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

The Hacker News

Researchers from VulnCheck have discovered that attackers are actively exploiting a severe vulnerability in Flowise, an open-source AI platform. The flaw, identified as CVE-2025-59528, has a maximum CVSS score of 10.0 and allows for remote code execution through a code injection vulnerability in the CustomMCP node. This means that unauthorized users could potentially execute commands on affected systems. Over 12,000 instances of Flowise are exposed, raising significant concerns for users and organizations relying on this platform. It's crucial for those affected to take immediate action to secure their systems against this vulnerability.

Apr 7, 2026

Cyber incident disrupts Massachusetts' emergency communications center

SCM feed for Latest

The Patriot Regional Emergency Communications Center in Massachusetts reported a cyberattack that affected its emergency notification system, CodeRED. This incident disrupted phone lines and systems in several towns across the northern part of the state, leading to concerns about public safety during the attack. Although specific details about the nature of the cyberattack have not been disclosed, the impact on emergency communications raises serious alarms about how such incidents can hinder timely responses in critical situations. The threat to emergency services underscores the vulnerabilities in infrastructure that communities rely on during crises and the need for robust cybersecurity measures to protect these essential systems.

Apr 6, 2026