A sophisticated six-month intelligence operation by North Korean state actors has culminated in one of the largest DeFi exploits in history. According to CoinDesk, a North Korean state-linked group spent roughly six months infiltrating Drift Protocol under the guise of a quantitative trading firm before executing a $270 million exploit on April 1. The attackers demonstrated extraordinary patience and tradecraft, building legitimate business relationships that included face-to-face meetings at industry conferences and depositing over $1 million of their own capital to establish credibility. What makes this attack particularly alarming for the DeFi sector is the sophistication of the social engineering component. As reported by CoinDesk, investigators attributed the attack to UNC4736, also known as AppleJeus or Citrine Sleet, and Drift warned that such long-con, identity-rich operations expose deep weaknesses in multisig-based security models across DeFi. This incident represents a paradigm shift in crypto security threats, demonstrating that state-level actors are willing to invest significant resources in long-term infiltration campaigns that target the human element rather than just technical vulnerabilities.