Drift, a decentralized exchange built on Solana, has revealed that an unauthorized person used a new attack involving durable nonces to break into their system on April 1, 2026 This article explores hackers stolen cryptocurrency. . Elliptic and TRM Labs found signs on the blockchain that North Korean hackers may have stolen the cryptocurrency.

Reports say that people connected to North Korea have stolen more than $6.5 billion in cryptocurrencies in the past few years. This operation is thought to have made a record-breaking $2 billion in 2025, with about $1.46 billion coming from the hack of Bybit in February 2025. As AI gets better, the DPRK's social engineering techniques are getting better too, which makes their threats more widespread than ever. Anyone who has access to cryptoasset infrastructure is now a possible target.

Multiple security companies, such as Google, Microsoft, CrowdStrike, and Sophos, have linked the Axios package supply chain breach to UNC1069, a North Korean hacking group that shares members with BlueNoroff, CryptoCore, Nickel Gladstone, Sapphire Sleet, and Stardust Chollima. The proof includes the same forensic metadata and command-and-control patterns, as well as links to malware that only nickel Gladstone uses. This makes it very likely that Nickel Gladston is behind the Axios attacks.

Since the beginning of the year, this would be the eighteenth DPRK act tracked, with more than $300 million stolen so far. Elliptic says it's part of a bigger, ongoing project that has a lot of resources and is getting more complicated.

The first way to carry out these attacks is still social engineering, which uses fake people and persuasive personas to target the cryptocurrency and Web3 sectors through campaigns like DangerousPassword, CageyChameleon, CryptoMimic, and CryptoCore.