Ledger CTO: The Drift attack method is similar to the Bybit incident, and may be the work of North Korean hackers.
CoinFeed reported on April 2nd that Ledger CTO Charles Guillemet posted on the X platform about the Drift attack, stating that the multi-signature wallet controlling the Drift protocol may have been compromised for days or even weeks. The attackers either directly stole enough private keys to reach the multi-signature threshold or, more likely, compromised the devices of multiple signers and tricked them into approving a malicious transaction. This modus operandi is similar to last year's Bybit attack and is widely believed to be linked to North Korean hackers. The incident once again highlights the industry's need to raise security standards: strengthen network and endpoint-level detection mechanisms, implement secure key management and hardware signing, and ensure that signers have a complete and clear understanding of the transaction content before approval. Security is not just about code auditing, but also about providing operators and users with the right information to make informed decisions.