How State-Sponsored Hackers Like DPRK Drain DeFi Protocols: Uneasy Money

Unchained

April 6, 2026

The Drift Protocol is down $285 million and Circle has the power to freeze the funds — but won’t. Kain, Taylor, and Luca explain why. Thank you to our sponsors! Fuse: The Energy Network – Shift your energy use and earn rewards.
Speakers: Kain Warwick, Taylor Monahan, Luca Netz

**Kain Warwick** (0:00)
Hi, everyone. I'm Kain Warwick, and welcome to Uneasy Money, because what happens on chain never stays on chain. Before we start, nothing you hear on Uneasy Money is financial advice. We're just three builders talking about what's happening on chain, and we want you to always do your own research before aping it. You can find all our disclosures at unchainedcrypto.com/uneasymoney. And before we begin, here is a word from the sponsors that make the show possible.

**SPEAKER_2** (0:22)
The Energy Network is an intelligent and innovative company that has been able to utilize the best of its services to balance supply and demand. Energy Dollar is the native token of the network from one of Europe's fastest growing energy startups. Follow at Fuse Energy on X to find out more. Multi-Chain Advisors is an emerging technology growth firm that has helped create $50-plus billion in enterprise value for 80-plus clients over the past four years. They are the partner to help navigate markets. Build real traction today at multichainadv.com.

**Kain Warwick** (1:01)
All right. I'm here with my co-host, Taylor Monahan, security expert, and Luca Netz, dog enjoyer. We are, yeah, we've got some wild stuff to talk about today. I think the first thing that we need to jump straight into basically is Drift Protocol hack.
It's sitting at 250 million plus right now. Is that right, Tay?

**Taylor Monahan** (1:31)
Yeah. It's a lot of money.

**Kain Warwick** (1:33)
It's a lot of money.
So Tay and I were talking about this before we started and I was like, it's not really a postmortem yet. It's like an active mortem or like something. So we don't know that much, I guess, about exactly what has happened here. So just probably leading with like, there's a lot of speculation, a lot of uncertainty, because this is like a couple of hours old. So we will do our best to unpack it. But again, this is all like someone in flight.

**Luca Netz** (2:13)
Hacks usually this big, the guys just usually just take a 10% white hat fee. I mean, like, I don't know how you move $200 million into a...

**Kain Warwick** (2:22)
Well, unfortunately, we think that this is probably... I think it's a DPRK, right, Tay? Is that where we're at?

**Taylor Monahan** (2:33)
Ah, it's two hours old. That's not... I can't attribute publicly like this. I will say... I'll say this. The second I saw the stuff, I made a lot of calls to get the full set of indicators for recent DPRK stuff to see if we could get more insight. I think especially relevant and like the thing that's top of mind is obviously the Axios hack happened yesterday. That was DPRK and that was specifically DPRK who is very crypto motivated.
That entire supply chain attack was, the goal is to steal crypto. The timing feels sus. It feels like that would be very, that makes sense. But a lot of times with these things, it's a bit more complex. Just because you find one easy narrative doesn't mean that that is the answer.

**Kain Warwick** (3:28)
What's going on? Sorry, just to clarify for people at home so that we're clear about this. The reason why the fact that Axios hacked yesterday. So, there was a supply chain attack yesterday, which was some DPRK guys who usually are like Zoom-focused guys and they have leveled up a little bit into other stuff, which like these guys are not the most sophisticated people for what it's worth, like as someone who has a pen pal in one of these groups, they're not the brightest bulbs in the bulb factory, put it that way.
And there's something weird about them being like, we now are a supply chain attackers. So they were able to compromise this like huge dependency in like a bunch of stuff, right? And we don't yet know how that happened exactly.

**Taylor Monahan** (4:33)
Oh, we, it's, it's, we've talked about it on the show. It's the Zoom calls. Well, now, now more often it's a Teams, it's a Microsoft Teams call, but it's exactly the same. So it's the exact same flow that we usually see in crypto. But they were targeting...

**Kain Warwick** (4:52)
So the scary thing about that...

**Taylor Monahan** (4:53)
That's the question is like, how the hell...

**Kain Warwick** (4:56)
How would they get the Axios people onto Zoom?

**Taylor Monahan** (4:59)
Developer, maintainer, yeah.

**Kain Warwick** (5:02)
So, I mean, the, the, I think there's two things that are petrifying about that. Right? You have to imagine as like an open source maintainer that you are so much more susceptible. I mean, we've seen this, you know, we saw this with like Steve Yegge and some of the guys who were building these open source things. When crypto people, like even just like normal people, not, not DPRK hackers, when crypto people turned their attention onto them, they were woefully unprepared for that. Completely unprepared. They're just not used to the kind of adversarial world where like people are like bashing your door down to try and steal your shit and like steal your domain names and, and handles and all of that stuff, right? So, you know, and these are, these are smart dudes who were like completely sideswiped by this, right? So you have to imagine someone who has been like meticulously maintaining this like core dependency for years is just not used to, you know, people trying to break into them. I mean, like, of course, on some level, of course, on some level, you know, these are, these are people that understand the kind of, I would say, immediate security concerns of you are a major dependency of all of this downstream software. So I'm sure they have very good security practices when it comes to deployments and review like all of the like common core things you would have to do. My guess is, maybe I'm wrong, but my guess is they're probably not as prepared for someone hitting them up on wherever they communicate with each other and pretending to be a VC or something. And they've compromised someone's Telegram account or they've compromised someone's email or whatever. And they're like, hey, let's have a chat. I love what you're doing. And they're like, oh, cool.
