Drift: Hackers suspected to be from a North Korean organization, who spent six months making covert contact and ultimately gaining access.

CoinFeed reported on April 5th that Drift released an updated investigation into the attack, indicating that the operation was carried out by the same threat actors as the Radiant Capital hack in October 2024, with highly similar on-chain fund flows and operational methods. Mandiant attributed the Radiant Capital hack to UNC4736, an organization linked to the North Korean government. Furthermore, this attack was meticulously planned over six months. Starting in the fall of 2025, a group posing as a "quantitative trading company" proactively contacted Drift contributors at multiple international crypto conferences.