{"id":236487,"date":"2026-04-28T04:03:00","date_gmt":"2026-04-28T08:03:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/28\/drift-protocol-exploit-why-social-trust-is-the-newest-cybersecurity-gap\/"},"modified":"2026-04-28T04:05:08","modified_gmt":"2026-04-28T08:05:08","slug":"drift-protocol-exploit-why-social-trust-is-the-newest-cybersecurity-gap","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/28\/drift-protocol-exploit-why-social-trust-is-the-newest-cybersecurity-gap\/","title":{"rendered":"Drift Protocol Exploit: Why \u201cSocial Trust\u201d Is the Newest Cybersecurity Gap"},"content":{"rendered":"<p><a href=\"https:\/\/www.crowell.com\/en\/insights\/client-alerts\/drift-protocol-exploit-why-social-trust-is-the-newest-cybersecurity-gap\">Drift Protocol Exploit: Why \u201cSocial Trust\u201d Is the Newest Cybersecurity Gap<\/a><\/p>\n<p><a href=\"https:\/\/www.crowell.com\/en\/insights\/client-alerts\/drift-protocol-exploit-why-social-trust-is-the-newest-cybersecurity-gap\">https:\/\/www.crowell.com\/en\/insights\/client-alerts\/drift-protocol-exploit-why-social-trust-is-the-newest-cybersecurity-gap<\/a><\/p>\n<p>Publish Date: 2026-04-28 04:03:00<\/p>\n<p>Source Domain: <a href=\"www.crowell.com\">www.crowell.com<\/a><\/p>\n<p>The recent $285 million theft from Drift Protocol serves as a high-stakes reminder that the human element remains one of the biggest cybersecurity gaps in any organization. This was not a \u201chack\u201d in the traditional sense of breaking through a digital wallet. 
North Korean actors used sophisticated social engineering to exploit human trust \u2015 turning what looks like a \u201chacking\u201d risk into valuable lessons learned for cybersecurity oversight.<\/p>\n<h3><strong>Background<\/strong><\/h3>\n<p>On April 1, 2026, Drift Protocol, a decentralized perpetual futures exchange on the Solana blockchain, suffered a security incident resulting in the theft of approximately $285 million in digital assets. Drift subsequently attributed the operation to UNC4736, a North Korean state-affiliated group also tracked as AppleJeus or Citrine Sleet.<\/p>\n<p>Mandiant previously attributed the October 2024 Radiant Capital hack to UNC4736 \u2015 in which threat actors stole approximately $50 million using a similar social engineering approach, posing as a known contact and delivering malware through a file shared via a messaging platform.<\/p>\n<h3><strong>What Makes the Drift Exploit Unique<\/strong><\/h3>\n<p>The Drift attack combined a sustained social engineering campaign with technical exploitation. The threat actors began cultivating in-person relationships with Drift personnel in fall 2025, presenting themselves as a legitimate quantitative trading firm. Over the following months, they attended major industry conferences in person, participated in working sessions, helped fix minor issues, and deposited over $1 million of their own capital into the platform \u2015 building the kind of trust that makes their eventual requests appear routine.<\/p>\n<p>The technical compromise was equally deliberate and unfolded in three stages:<\/p>\n<p><strong>Stage 1 &#8211; Device and credential compromise<\/strong>. The threat actors exploited a vulnerability to execute malicious code and distributed that code using a legitimate app store.<\/p>\n<p><strong>Stage 2 &#8211; Obtaining administrative control<\/strong>. 
The threat actors exploited&#8230;<\/p>\n<p><a href=\"https:\/\/www.crowell.com\/en\/insights\/client-alerts\/drift-protocol-exploit-why-social-trust-is-the-newest-cybersecurity-gap\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Drift Protocol Exploit: Why \u201cSocial Trust\u201d Is the Newest Cybersecurity Gap https:\/\/www.crowell.com\/en\/insights\/client-alerts\/drift-protocol-exploit-why-social-trust-is-the-newest-cybersecurity-gap Publish Date: 2026-04-28&#8230;<\/p>\n","protected":false},"author":1,"featured_media":236488,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.crowell.com\/a\/web\/2vKBYX4tHGLsx339ncXN1U\/bsLYUh\/2026-04-27_social_trust.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[32,57,27],"class_list":["post-236487","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-malware","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/236487"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=236487"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/236487\/revisions"}],"predecessor-version":[{"id":236489,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/236487\/revisions\/236489"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/236488"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/me
dia?parent=236487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=236487"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=236487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}