How 'Booth Babes' at Crypto Conferences Could Lead to Big Hacks Like Drift's

The Drift hack wasn't a one-off exploit. It was a patient operation spanning months, with nation-state actors working the conference circuit. Then Circle let the hackers take the money. Bitcoin’s application layer, Citrea, launched its mainnet, expanding Bitcoin’s utility to privacy, lending, BTC yields, and more. Citrea enables: cBTC: The first trust-minimized Bitcoin on a fully programmable platform. ctUSD: A native stablecoin for Bitcoin, allowing for unified liquidity. Bitcoin Capital Markets bringing demand, and utility to the Bitcoin Network. Explore the Citrea Ecosystem. http://citrea.xyz/unchained =============================================================================== Ether.fi is giving Unchained listeners 15% cashback on food and ride apps — and that's on top of the 3% you get on everything else. Your bank is charging you to use your own money. Laura switched and loves her card! Go to http://ether.fi/unchained to claim your offer. =============================================================================== The Drift hack looked like a typical smart contract exploit until the postmortem revealed something far more elaborate: a six-month DPRK intelligence operation involving in-person social engineering at crypto conferences, fully constructed professional identities, and a $1 million deposit to build trust. Then, after $232 million in USDC was stolen, Circle declined to freeze the funds while attackers bridged them across chains for six hours during business hours. Michael Lewellen from Turnkey and Amanda Wick from VerifyVASP tackle what the Drift compromise teaches about operational security in crypto, why Circle's decision raises hard questions about stablecoin issuer responsibility, and whether the legal framework is forcing companies to choose between compliance and doing what's right. Host: Laura Shin, Host / Unchained Guests: ⁠⁠⁠⁠Amanda Wick, Head of Americas at VerifyVASP ⁠⁠⁠⁠Michael Lewellen, Head of Solutions Engineering at Turnkey Timestamps 🔍 00:00 Introduction 🕵️ 00:59 How Drift got infiltrated through a six-month intelligence operation 🛡️ 05:22 Why crypto companies underestimate nation-state-level threats ⚠️ 09:14 Whether DPRK is confirmed behind the Drift hack 💼 18:00 How North Korea recruits non-Korean operatives for crypto attacks 💰 33:52 Why Circle refused to freeze $232M in stolen USDC ⚖️ 51:13 How Tether's freeze response compares to Circle's inaction 🔐 59:31 What laws Amanda Wick would craft for blockchain-speed freezing Learn more about your ad choices. Visit megaphone.fm/adchoices