Drift Protocol Says It Identified Parties Linked to Exploit
According to Drift Protocol, its initial investigation linked the April 1, 2026 attack to North Korean-backed group UNC4736, prompting a full protocol freeze and a forensic probe by Mandiant.
Fact Check
The only claim-specific lead obtained was the traced upstream URL https://x.com/DriftProtocol/status/2040611161121370409 from Odaily newsflash 475344. However, that post could not be fetched, and the two user-supplied X links also failed to fetch. Independent web and X searches for 'Drift Protocol April 1 2026 attack UNC4736 Mandiant protocol freeze' did not return corroborating reports or archived copies confirming that Drift Protocol identified UNC4736, froze the protocol, or engaged Mandiant. The Radiant Capital Incident Update. 2024-12-06 - Medium only shows that Mandiant has linked UNC4736 to another crypto attack before; it does not verify this Drift-specific statement. Because no validated primary source content or reliable corroboration was obtained, the statement cannot be confirmed or cleanly refuted from the evidence gathered in this run.
- Reference: 1
Summary
Drift Protocol said its initial probe connected the April 1, 2026 attack to UNC4736, a North Korean-backed hacker group. The team said the attackers spent six months targeting contributors and that all protocol functions have been frozen following the incident. Drift Protocol also said Mandiant was brought in to conduct a forensic investigation, and that test funds were traced to the attacker behind the October 2024 Radiant Capital incident.
Terms & Concepts
- Protocol: A blockchain-based system or set of smart contracts that provides financial or other network services to users.
- Forensic investigation: A detailed technical inquiry used to trace attack methods, affected systems, and movement of stolen or test funds after a security incident.
- UNC4736: The threat group that Drift Protocol said was linked in its initial probe to the April 1, 2026 attack.