🚨It is really hard to imagine that this Drift incident was a setup that lurked for half a year and employed multiple layers of social engineering strategies!

All protocols should be vigilant and self-check; the scams targeting project parties will only become more covert and complex, nearly bypassing all the security defenses you thought were reliable;

Let’s review the attack methods this time——

1⃣Preliminary infiltration (6 months):

A person claiming to be from a "quantitative trading company" contacted the Drift team at an international crypto conference, discussed strategies and product integration in Telegram groups, and invested over $1 million in the platform to fake credibility.

Numerous offline meetings with core contributors were held to construct a complete identity system (career history, public background).

2⃣Execution path:

1）Induced cloning of malicious code repositories.

2）Downloaded a test application disguised as a wallet.

3）Executed malicious code unconsciously using VSCode and Cursor vulnerabilities (which the security community had already warned about).

3⃣Post-attack cleanup: Quickly deleted chat records and traces of malware after the attack.

The behavioral pattern is similar to the 2024 Radiant Capital attack, pointing to the North Korean hacker group UNC4736 (AppleJeus).

The combination of offline trust and supply chain vulnerabilities can basically explain why it is permissionless, yet the protocol was still breached:

Because it fundamentally wasn’t a code issue!

This also serves as a wake-up call for all DeFi projects: security audits should prioritize strengthening human defense (background checks, minimizing permissions, etc.), not just rely on code audits.

It’s truly frightening to think about!

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。