The post How North Korea’s 6-month long secret espionage program has crypto community rethinking security appeared on BitcoinEthereumNews.com.

When Drift disclosed the details behind its $270 million exploit, the most unsettling part wasn’t the scale of the loss — it was how it happened. According to the team behind the protocol, the attack wasn’t a smart contract bug or a clever piece of code manipulation. It was a six-month campaign involving fake identities, in-person meetings across multiple countries and carefully cultivated trust. The attackers, allegedly from North Korea, didn’t just find a vulnerability in the system. They became part of it. This new threat is now forcing a broader reckoning across decentralized finance. For years, the industry has treated security as a technical problem, something that could be solved with audits, formal verification and better code. But the Drift incident suggests something far more complex: that the real vulnerabilities may lie outside the codebase altogether. Alexander Urbelis, chief information security officer (CISO) at ENS Labs, argues the framing itself is already outdated. “We need to stop calling these ‘hacks’ and start calling them what they are: intelligence operations,” Urbelis told CoinDesk. “The people who showed up at conferences, who met Drift contributors in person across multiple countries, who deposited a million dollars of their own money to build credibility: that’s tradecraft. It’s the kind of thing you’d expect from a case officer, not a hacker.” If that characterization holds, then Drift represents a new playbook: one where attackers behave less like opportunistic hackers and more like patient operators embedding themselves socially before making a move onchain. “North Korea isn’t scanning for vulnerable contracts anymore. They’re scanning for vulnerable people… That’s not hacking. That’s running agents,” Urbelis added. The tactics themselves aren’t entirely new. Investigations in recent years have shown North Korean operatives infiltrating crypto firms by posing as developers, passing job interviews and even securing roles under fake…

---

Filed under: News - @ April 7, 2026 1:25 pm