Drift Protocol Releases Results of Investigation into $285 Million Theft

It states that the attack appears to be a long-term, organized infiltration operation lasting approximately six months.

Since the fall of 2025, attackers posed as a quantitative trading firm, continuously contacting Drift team members at multiple international crypto conferences and compromising devices through code repository links and the TestFlight application.

Drift indicates that this operation may be linked to the North Korean-related hacking group behind the 2024 Radiant Capital theft.