Drift has released the initial investigation on the April 1st attack, revealing that the same threat actor responsible for the October 2024 Radiant Capital hack carried out the operation. According to PANews, the on-chain fund flow and operational methods closely match those of the previous incident. Mandiant attributes the Radiant Capital hack to UNC4736, an organization linked to the North Korean government. Additionally, the attack was meticulously planned over six months. Starting in the fall of 2025, individuals posing as a 'quantitative trading company' approached Drift contributors at various international crypto conferences.