BITWU.ETH 🔆|4月 05, 2026 03:55
It’s honestly hard to imagine—the Drift incident this time was a meticulously planned setup that involved six months of infiltration and multi-layered social engineering strategies!
Every protocol should stay vigilant and conduct self-checks. Scams targeting project teams are only going to get more covert and complex, bypassing nearly all the so-called 'reliable' security defenses you think you have.
Let’s break down the attack methods from this incident—
1⃣ Early Infiltration (6 months):
Someone claiming to be from a 'quantitative trading firm' approached the Drift team at an international crypto conference. They discussed strategies and product integrations via Telegram groups and even invested over $1 million on the platform to fake credibility.
They held multiple in-person meetings with core contributors and built a complete identity system (career history, public background).
2⃣ Execution Path:
1) Tricked the team into cloning a malicious code repository.
2) Downloaded a test app disguised as a wallet.
3) Exploited vulnerabilities in VSCode and Cursor (which the security community had already warned about) to execute malicious code without detection.
3⃣ Cleanup: After the attack, they quickly deleted chat records and traces of the malicious software.
The behavior pattern is similar to the 2024 Radiant Capital attack, pointing to the North Korea-linked hacker group UNC4736 (AppleJeus).
The combination of offline trust-building and supply chain vulnerabilities pretty much explains why, even though it was permissionless, the protocol still got breached:
Because damn it, the problem wasn’t even in the code!
This serves as a wake-up call for all DeFi projects: security reviews should prioritize human factors (background checks, least privilege access, etc.) instead of relying solely on code audits.
This is seriously terrifying when you think about it!
Share To
HotFlash
APP
X
Telegram
CopyLink