Last week, the $280‑million heist against Drift Protocol was not merely a crime of greed but the latest flourish of a clandestine troupe of North Korean operatives, who have been lurking in the shadows of crypto’s most glamorous projects for nearly a decade.
Seven Years of Elegant Cover, Over Forty Platforms Plundered
MetaMask’s own Taylor Monahan has revealed that these infuriatingly clever technicians have slipped into more than forty decentralized finance platforms, some of them household names that sparkle on crypto dashboards like a polished crystal ball.
Their reputation stretches back to what the industry calls “DeFi Summer” of 2020, when the world’s money intertwined itself with code and revolution.
oh god uhhhh like sushi, thorchain, yam, pickle, harvest, reclaim, swing, paid, naos, shezmu, qrolli, saffron, sifu, napier, harmony, blueberry, stabble, onering, elemental, divvy, la token, impermax, kira, cook, fantom, ankr, gamerse, metaplay, spice, beanstalk, deltaprime,…
– Tay (@tayvano_) April 5, 2026
Monahan insists that the “seven years of blockchain development experience” those artisans proudly print on their résumé is truth as solid as a cathedral dome. They built the very protocols they later vilified.
The state‑sponsored Lazarus Group, the moniker for North Korea’s cyber‑delight, has siphoned an estimated $7 billion from the crypto universe since 2017.
Reportedly:
In 2026 Lazarus made 18 attacks on protocols in 3 months
Stolen funds are funding “North Korea’s Nuclear Weapons”
It’s the most successful venture fund built on hacks
Here is the complete attack timeline
– jussy (@jussy_world) April 5, 2026
Those figures come from the analysts at R3ACH, whose credentials are as polished as their stickers on a laptop rim. Major plunder includes the $625 million Ronin Bridge breach in 2022, the $235 million WazirX heist in 2024, and yet another $1.4 billion grand theft at Bybit in 2025.
Not Only North Korean – Third‑Party Linguists Now in Play
The Drift debacle stands out not because of the perpetrators but because they appeared in a very human guise. The protocol insisted that the meetings were carried out by non‑Korean intermediaries.
It appears the pawns used a refined network of third‑party agents with fabricated names, pre‑written résumés, and chats that could for a moment sat undetected among the crowd.
Lazarus Group is the collective name for all DPRK state sponsored cyber actors.
The main issue is everyone groups them all together when the complexity of threats are different.
Threats via job postings, LinkedIn, email, Zoom, or interviews are basic and in no way…
– ZachXBT (@zachxbt) April 5, 2026
In a playful warning, blockchain sleuth ZachXBT – quite literally called a “sleuth” because his job is to snitch – warned that not all job‑posting threats weigh the same. They are the inexpensive “cheap drama” of the hack world, requiring only endless perseverance to see off‑course.
“If you or your team still falls for them in 2026, you’re very likely negligent,” Zach wrote, with a shrug that would make even the most witty of influencers blush.
Wary firms would do well to consult the US Office of Foreign Assets Control’s public database before signing a contract, lest they unknowingly join a line of disgraced actors. Patterns of fraud can often be seen on a plain spreadsheet, just as the patterns of pity on a bleak estate-there is art in both.
Read More
- All Skyblazer Armor Locations in Crimson Desert
- How to Get the Sunset Reed Armor Set and Hollow Visage Sword in Crimson Desert
- All Shadow Armor Locations in Crimson Desert
- Marni Laser Helm Location & Upgrade in Crimson Desert
- All Golden Greed Armor Locations in Crimson Desert
- All Helfryn Armor Locations in Crimson Desert
- Best Bows in Crimson Desert
- Keeping Large AI Models Connected Through Network Chaos
- All Icewing Armor Locations in Crimson Desert
- How to Craft the Elegant Carmine Armor in Crimson Desert
2026-04-07 09:57