How Drift’s Hack Was More Than 6 Months in the Making

Hi! In today's edition:

• 🚨 Drift Protocol's $285 million exploit traced to a six-month North Korean social engineering operation that compromised developers through fake apps and conference trust-building

• 📈 Bitcoin reclaimed $69,000 as Trump extended his Iran deadline, triggering $104 million in short liquidations while spot ETFs quietly absorbed $2.2 billion in four weeks

• ⚖️ Polymarket pulled war-related betting markets after a congressman called them "disgusting," and a Nevada judge banned Kalshi, calling its sports contracts indistinguishable from gambling

• 🔐 Circle's Arc blockchain will launch with post-quantum cryptography built in, preparing for a threat some researchers say could arrive by 2030

Today’s newsletter is brought to you by Nexo!

Unlock Exclusive Rates with Nexo

Nexo is a premier digital wealth platform offering:

• crypto yield up to 15% (based on stated annual interest rates)

• crypto-backed credit lines from 1.9%

• a wide range of digital assets.

Join today and get 30-day access to exclusive rates.

Drift Protocol Links $285 Million Exploit to Six-Month North Korean Intelligence Op

Drift Protocol published a detailed post-mortem of its $285 million April 1 exploit, revealing a structured intelligence operation that began at a crypto conference in fall 2025 and unfolded over six months. A group posing as a quantitative trading firm approached Drift contributors in person, met them at multiple conferences across several countries, and built what appeared to be a legitimate business relationship.

The operatives were technically fluent, carried verifiable professional backgrounds, and deposited over $1 million while onboarding an Ecosystem Vault. They compromised contributor devices through at least three vectors: a cloned code repository, a malicious TestFlight app disguised as a wallet product, and a known VSCode/Cursor vulnerability that silently executed code when a file was opened. After the attack, all Telegram chats and malicious software were scrubbed.

The SEAL 911 security team assessed with medium-high confidence that the same actors were behind the October 2024 Radiant Capital hack, attributed by Mandiant to UNC4736, a North Korean state-affiliated group. The individuals who appeared in person were not North Korean nationals; DPRK operations at this level deploy third-party intermediaries for face-to-face meetings. Drift has frozen all protocol functions and flagged attacker wallets across exchanges.

Bitcoin Retakes $69,000 as Traders Reprice Strait of Hormuz Odds

Bitcoin reclaimed $69,000 over the weekend, briefly touching $70,271 on Coinbase before pulling back, as traders repriced the odds of a resolution to the Strait of Hormuz standoff that has rattled global markets for three weeks. $104 million in short liquidations fueled the move higher.

The catalyst was a shift in tone from President Trump, who extended his deadline for Iran to reopen the strait to Tuesday while telling Fox News there was a "good chance" of a deal within 24 hours. Oil held above $109 but eased slightly on the comments. Spot bitcoin ETFs have absorbed roughly $2.2 billion in net inflows over the past four weeks, suggesting institutional buyers are treating the dip as a buying opportunity rather than a reason to retreat.

Polymarket and Kalshi Both Stumble as Prediction Markets Hit Legitimacy Wall

Both leading prediction markets ran into trouble this week. Polymarket pulled betting markets tied to the rescue of two U.S. airmen downed over Iran after Rep. Seth Moulton publicly called the wagers "disgusting." The platform apologized but still faces criticism over dozens of other active war-related contracts.

Separately, a Nevada judge extended a ban on Kalshi, ruling that its sports outcome contracts are "indistinguishable from gambling." Judge Jason Woodbury rejected Kalshi's argument that its products are federally regulated swaps beyond state jurisdiction and ordered the platform to implement geofencing by May 4. Kalshi plans to appeal.

The parallel setbacks underscore a growing tension: prediction markets won the legal right to operate, but public trust and state-level regulation remain unsettled territory.

Circle's Arc Blockchain Launches With Post-Quantum Security Built In

Circle's Layer-1 blockchain Arc will debut with a post-quantum signature scheme at mainnet launch, making it one of the first chains designed from scratch to survive a future where quantum computers can break today's cryptography. The opt-in feature lets users create quantum-resistant wallets without forcing a network-wide migration.

The phased roadmap extends quantum protection to private state data, then infrastructure like TLS and hardware security modules, and finally validator authentication. Some researchers estimate "Q-Day," the point where quantum machines can crack public-key encryption, could arrive by 2030. Arc's advantage is architectural: building defenses before launch avoids the messy retrofitting that existing blockchains will face.

DON’T MISS UNCHAINED and BITS + BIPS TODAY

At 3pm ET: Laura talks with Amanda Wick, head of Americas at VerifyVASP and Michael Lewellen, head of solutions engineering at Turnkey, about the six-month setup that led to the Drift hack, plus Circle’s inaction as North Korea stole $285 million. 

At 4:30pm ET: Austin Campbell, Ram Ahluwalia, and Chris Perkins give their takes on the long con of the Drift hack, how the Iran War is being funded on both sides by USD(T), plus that controversial Polymarket bet. Also: how detached are token prices from fundamentals? 

Plus, a sneak preview for tomorrow at 12pm ET: SEC Commissioner Hester Peirce and Sumeera Younis of the Crypto Task Force join DEX in the City! 

Join us on X, YouTube or PumpFun.

• 📊 Locked crypto tokens are trading at steep discounts on secondary OTC markets, with top-20 tokens selling at nearly 50% off with a one-year lockup and smaller projects going for as little as 30 cents on the dollar.

• 🔒 HypurrFi, a lending protocol on Hyperliquid’s HyperEVM, warned users not to interact with its primary domain after detecting a suspected hijacking via a social engineering attack on its registrar. Smart contracts and user funds were not affected.

• 🟢 The Ethereum Foundation has staked roughly 45,000 ETH, clearing two-thirds of its 70,000 ETH target under a treasury initiative launched in February to generate yield instead of selling holdings.

• 🇨🇳 Apple removed Jack Dorsey’s Bitchat from the China App Store, citing violations of security assessment rules governing apps with “public opinion or social mobilization capabilities.” The peer-to-peer encrypted messaging app, which works over Bluetooth without internet, has surged in popularity during global protests.

• 💼 Jeff Park resigned as CIO of ProCap, Anthony Pompliano’s $750 million Bitcoin treasury company, after eight months. His next move is unannounced.

• ⛏️ A solo bitcoin miner beat 1-in-28,000 daily odds to claim a $210,000 block reward on CKPool, earning 3.139 BTC from block 943,411.

• 🏦 Charles Schwab opened a waitlist for “Schwab Crypto,” which will offer direct bitcoin and ether trading to its 38.9 million brokerage account holders. A limited Q2 rollout is planned, with availability in all U.S. states except New York and Louisiana.

Enter Bitcoin Capital Markets

Bitcoin’s application layer, Citrea, launched its mainnet, expanding Bitcoin’s utility to privacy, lending, BTC yields, and more.

Past efforts to build a Bitcoin ecosystem were forced to sacrifice programmability or rely on heavy trust assumptions that limited adoption. Citrea marks a new beginning: an end-to-end Bitcoin ecosystem that relies solely on the Bitcoin Network as its source of truth.

Citrea enables:

• cBTC: The first trust-minimized Bitcoin on a fully programmable platform.

• ctUSD: A native stablecoin for Bitcoin, allowing for unified liquidity.

• Bitcoin Capital Markets bringing demand, and utility to the Bitcoin Network.

😂 Happy birthday, Satoshi

1. New York Magazine: Why Citrini Research sent an analyst to the Strait of Hormuz to count ships the satellite data was missing

2. Simon Taylor: Agentic Commerce is Dead:  Invisible Commerce Will Replace it.

3. Jesus Rodriguez: The DeFi Vault Is the Fund: The Model Is the Future Manager