Drifts post-mortem reveals the $285M heist was a six-month DPRK operation (UNC4736/Golden Chollima) beginning fall 2025. Same group behind the X_TRADER/3CX supply chain breach and Radiant Capitals $53M hack. On-chain fund flows trace back to the Radiant attackers. DPRK has fully professionalized social engineering: build trust over months, create fake companies with real branding, then strike in a single transaction. The patient approach pays off literally.

Source: https://thehackernews.com/2026/04/285-million-drift-hack-traced-to-six.html