•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Drift Protocol published a detailed post-mortem of the $285 million exploit it suffered on April 1, describing what it called “a structured intelligence operation requiring organizational backing, significant resources, and months of deliberate preparation.” The protocol has frozen all remaining functions, removed compromised wallets from its multisig, and engaged Mandiant for the forensic investigation. The operation began in fall 2025 when a group posing as a quantitative trading firm approached Drift contributors at a major crypto conference. Over six months, individuals from the group met team members face-to-face at multiple industry events across several countries. They had verifiable employment histories and professional networks, engaged in substantive conversations about trading strategies, and between December 2025 and January 2026 onboarded an Ecosystem Vault, depositing over $1 million of their own capital. This story is an excerpt from the Unchained Daily newsletter. Subscribe here to get these updates in your email for free The infiltration used at least three attack vectors. One contributor was compromised after cloning a code repository the group shared under the guise of deploying a vault frontend. A second downloaded a TestFlight application presented as their wallet product. A third vector likely exploited a known VSCode and Cursor vulnerability flagged by the security community throughout late 2025: simply opening a file in the editor silently executed arbitrary code with no prompt or warning. After the exploit, the attackers scrubbed all Telegram conversations and malicious software. The SEAL 911 security team assessed with medium-high confidence that the same actors carried out the October 2024 Radiant Capital hack, which Mandiant attributed to UNC4736, a North Korean state-affiliated group also tracked as AppleJeus or Citrine Sleet. Onchain fund flows and operational persona overlaps link the two campaigns. The individuals who appeared in person were not North Korean nationals; DPRK operations at this level deploy third-party intermediaries for face-to-face contact. Drift urged other teams to audit access controls and treat every device that touches a multisig as a potential target.
Premium gym chains are entering a “golden era” that is ending or already in decline, as rising operating costs collide with shifting consumer preferences toward more flexible, community-based ways to exercise. Long-term memberships are shrinking, margins are pressured by higher rents and facility expenses, and competition from smaller, more personalized…
