They Shared Coffee and Code—Then Stole $285 Million in a North Korea–Linked Crypto Hack
What looked like a legitimate business partnership turned out to be a six-month North Korean intelligence operation.
BY AMAYA NICHOLE, NEWS WRITER
One of the largest cryptocurrency trading platforms revealed last week that an attack led to the theft of $285 million, with users’ funds affected. The platform alleges that this was the result of a months-long, carefully orchestrated operation by the Democratic People’s Republic of Korea (DPRK).
“The investigation has shown so far that the profiles used in this third-party targeted operation had fully constructed identities including employment histories, public-facing credentials, and professional networks,” Drift said. “The people Drift contributors met in person appeared to have spent months building profiles, both personal and professional, that could withstand scrutiny during a business or counterparty relationship.”
“This unprecedented breach fundamentally rewrites the threat model for every single protocol in the crypto industry,” said Guy Turner of Coin Bureau.
While Drift is working with law enforcement and forensic partners to piece together the sequence of events that led to the hack, The Hacker News has hypothesized a timeline of events that led to the attack.
Last fall, a group posing as a quantitative trading firm began making its approach. Its members showed up at major crypto conferences across multiple countries, striking up conversations with specific Drift contributors under the guise of wanting to integrate with the protocol. Drift explained that the people at the conferences were “not North Korean nationals” and believes that the DPRK has deployed “third-party intermediaries to conduct face-to-face relationship-building.”
Over the next six months, they were a consistent presence at industry events, methodically building trust and rapport with their targets.
“A Telegram group was established upon the first meeting, and what followed were months of substantive conversations around trading strategies and potential vault integrations. These interactions are typical of how trading firms interact and onboard with Drift,” the company said.
