Diverg
Automated security scans + on-chain investigations, with clear and actionable results.
Apr 3 10 tweets 4 min read
1/10

We've been investigating the @DriftProtocol exploit ($285M) since April 1.

We can confirm, along with TRM Labs and Elliptic, that North Korea's Lazarus Group (TraderTraitor), the same unit behind Bybit ($1.5B) and Ronin ($625M), was involved.

Here's what our independent on-chain forensics uncovered that hasn't been published.

2/10

The attacker didn't just compromise the multisig once.

Drift migrated to a new Security Council on March 27 (member departure). 2-of-5 threshold, zero timelock.

Within 3 days, the attacker re-compromised the NEW multisig and pre-signed a fresh durable nonce (Mar 31).