North Korean operatives stole $270 million from Drift in six-month social engineering campaign

North Korean state-sponsored hackers infiltrated decentralized exchange Drift over six months, stealing $270 million through an elaborate operation involving in-person meetings and a fraudulent $1 million deposit, the company disclosed. The attackers posed as representatives of a legitimate quantitative trading firm, conducting face-to-face meetings with Drift personnel and maintaining operational security throughout a prolonged reconnaissance phase. The theft represents one of the largest confirmed North Korean cryptocurrency heists to date and demonstrates the increasing sophistication of Pyongyang's cyber operations, which have become a critical revenue stream for the sanctions-hit regime. The incident highlights vulnerabilities in decentralized finance protocols' vendor verification processes and the risks of social engineering even among technically sophisticated targets. U.S. and international authorities have linked North Korean hackers to billions in cryptocurrency theft in recent years.