- Blockchain is a digital ledger that records every transaction on a public network.
- Once a transaction is recorded, it cannot be changed or deleted.
- It is the foundation of Bitcoin, Ethereum, and thousands of other cryptocurrencies.
North Korea didn't just rob one crypto platform this week. It hit two targets at the same time - a direct heist and a hidden software trap - in what looks like the most aggressive week of state-backed crypto theft in recent memory.
Drift - a decentralized finance platform where investors can lend, borrow, and trade crypto - confirmed Wednesday that attackers pulled $280 million off the platform in a single operation.
This wasn't a code exploit. Drift says its smart contracts and core programs were never breached. Instead, the attackers spent weeks working their way into the company's security council - the group that controls admin-level powers - by tricking insiders into approving access they shouldn't have.
They planted two pre-approved transactions on March 23. Then they waited.
On April 1, they fired both transactions, seized admin controls, stripped out withdrawal caps, and moved $280 million before anyone could stop it. Every dollar in Drift's lending, borrowing, vault, and trading features was exposed.
By Thursday morning, blockchain investigators at Elliptic had tied the attack to North Korea. The transaction patterns and laundering methods matched operations Elliptic has tracked from Pyongyang's hackers before.
If confirmed, it would be the 18th North Korean crypto attack Elliptic has flagged this year.
The Drift heist wasn't the only move. Days earlier, suspected North Korean hackers broke into the account of a developer who maintains Axios - an open-source tool baked into thousands of company websites across health care, finance, and tech.
For about three hours, the attackers pushed out infected updates to every company that downloaded the software during that window. Security firm Huntress counted around 135 infected machines spread across about a dozen organizations - and that's just the early tally.
Google-owned Mandiant confirmed the North Korea connection. Its chief technology officer said the hackers will likely use whatever access they gained to hunt for crypto stored at those companies.
Full recovery could take months.
North Korea has turned crypto theft into a pillar of its economy. Pyongyang's hackers pulled in more than $2 billion from crypto platforms last year alone, and U.S. officials have said roughly half of the country's missile program is bankrolled by that kind of theft.
This week showed investors two things at once - North Korea can hit a platform head-on and slip into the software supply chain at the same time.
The Drift attack looks a lot like last summer's $1.5 billion Bybit breach. Both relied on tricking people rather than breaking code. Both moved fast once the trap was sprung.
Crypto security isn't just a tech problem anymore - It's a national security one.
