Wu said that Drift Protocol released the latest investigation update on the April 1 attack incident, stating that the attack is suspected to be a long-term infiltration operation lasting about six months with an organized background. Preliminary investigations show that the attackers have been disguising as quantitative trading firms since fall 2025, continuously engaging with Drift team members at multiple international crypto conferences, and carrying out device intrusions through code repository links, TestFlight applications, and other methods. Drift stated that they have frozen remaining protocol functions, removed compromised multi-signature wallets, and partnered with organizations such as Mandiant and SEAL 911 to conduct forensic investigations. The project team assesses with medium to high confidence that this operation may be linked to North Korean hacking groups behind the 2024 Radiant Capital theft incident.