As a former developer, I'm primarily focused on offensive Application Security nowadays. Currently building some things in C++ and Qt as I enjoy desktop development as a break from the state of the modern web.
He/him
RE: https://mathstodon.xyz/@johncarlosbaez/116400087406782310
More of this please!
Community colleges around Detroit offer construction/skilled trades associates' degrees.
If you're sorta healthy and don't have felonies, you can get a tuition+books+some living expenses scholarship for the first year. It's not all construction classes: they make sure you can balance a checkbook, read the instructions on med bottles, and understand how credit card interest works.
The second year of study comes with a living wage paid internship.
The jobs are there, and can't be outsourced overseas.
TL;DR North Korean-linked threat actors pulled off a $285M heist against crypto exchange Drift using IN-PERSON social engineering. They deployed proxies to global conferences to befriend Drift contributors, spent 6 months building a relationship as customers, and even deposited $1M of their own funds to prove they were legitimate.
Here is what happened:
🔹 Starting in the fall of 2025, a group of individuals (later linked to North Korea) started attending international crypto conferences, with a goal in mind. These proxies were technically fluent, had fully constructed professional identities, with employment histories, and looked nothing like a North Korean.
🔹 This group, posing as employees of a quantitative trading firm, first approached specific Drift contributors at a major crypto conference face-to-face. They wanted to discuss integrating with the platform.
🔹 After the initial discussions, they moved their conversations to Telegram, where they spent months discussing legitimate trading strategies.
🔹 "What a pleasant coincidence running into you again!"
Over the next 6 months, the attackers deliberately sought out these same contributors at multiple global conferences. They wanted to continue building trust and credibility.
🔹 Dec. 2025 - Jan. 2026: To checkmate the game, the group onboarded an Ecosystem Vault on Drift. They engaged with the Drift contributors in working sessions, asked relevant & informed questions and eventually, they deposited over $1 million of their own funds into the protocol.
🔹 (excerpt from Drift's Incident Update): "Integration conversations continued through February & March 2026. (...) By this point, the relationship was nearly half a year old. These were not strangers; they were people Drift contributors had worked with and met in person. (...) Links were shared for projects, tools, and apps they claimed to be building"
🔹 A relationship had been established, contributors didn't think twice when collaborating digitally. Drift presumes there may have been multiple technical attack vectors: One contributor may have been compromised after cloning a code repository shared by the group as part of efforts to deploy a frontend for their vault. A second contributor was persuaded into downloading a wallet product via Apple's TestFlight to beta test the app.
On April 1, 2026, as the $285 million was drained, the attackers scrubbed their Telegram chats and vanished.
(Full Incident Background Update from Drift is on X.)
\o/ VLC in space
"Why are there almost no Republican scientists? It's not a mystery. GOP political orthodoxy includes positions that are at odds with the scientific consensus on multiple issues, ranging from the validity of the theory of evolution, to the reality of climate change, to the efficacy and safety of vaccines. In each case the scientific consensus is solidly grounded in evidence."
~ Paul Krugman
#Trump #Repubicans #science #research #facts #truth
/1
https://paulkrugman.substack.com/p/maga-is-winning-its-war-against-us
I am currently looking for Senior Software Engineer positions in Vienna. I am most proficient in Rust and C++, but I have worked with other languages as well (Python, Go, TypeScript) and I have done some DevOps/Infra work too (Kubernetes, Docker, Terraform). If you stumble into something that may be a match, don't hesitate to reach
There is a fresh thing going around about LinkedIn scanning extensions installed in Chrome/Chromium:
https://browsergate.eu/
The website claims "LinkedIn is Illegally Searching Your Computer", and implies the purpose is to find "religious beliefs, political opinions, disabilities".
tl;dr:
- yes, LinkedIn is scanning through a list of 6k+ extensions on Chrome;
- yes, this is bad;
- but the website is disingenuous in making unnecessarily overblown claims.
🧵
Microsoft is running one of the largest corporate espionage operations in modern history. Every time any of LinkedIn's one billion users visits linkedin.com, hidden code searches their computer for installed software, collects the results, and transmits them to LinkedIn's servers and to third-party companies including an American-Israeli cybersecurity firm. The user is never asked. Never told. LinkedIn's privacy policy does not mention it. Because LinkedIn knows each user's real name, employer, and job title, it is not searching anonymous visitors. It is searching identified people at identified companies. Millions of companies. Every day. All over the world.