The most important part of this story isn’t just the Drift exploit.

It’s the fact that a MetaMask security researcher says North Korean IT operatives worked inside more than 40 DeFi projects over a period of at least seven years. That shifts the discussion from “hackers attacking from outside” to a much harder problem: trusted contributors getting inside protocols under false identities.

That’s what makes this bigger than a normal exploit story.

In Drift’s case, investigators said the operation was built over months, with attackers gaining credibility first and then abusing internal access and Solana’s durable nonce feature. Drift linked the attack with medium-high confidence to a DPRK-linked cluster, and multiple security firms tied it to North Korean actors.

The broader takeaway is uncomfortable but important: for DeFi teams, smart contract audits alone are no longer enough. Hiring, contractor screening, contributor permissions, and internal operational security are now just as important as code security.

If these claims are accurate, a lot of the industry has been underestimating insider risk for years.

Curious how people here see it: is DeFi still treating protocol security too much as a code problem and not enough as a people problem?

submitted by /u/cashflashmil

r/CryptoCurrency