🎙️
Quicklets.ai
Podcasts/Unchained/Episode
Unchained
from: Unchained
Laura Shin
APR 8, 2026

How 'Booth Babes' at Crypto Conferences Could Lead to Big Hacks Like Drift's

UPGRADE SECURITYVET NEW PARTNERSSECURE ADMIN WALLETSWATCH NATION STATES

Key Takeaways

  • Drift hack was a six-month social engineering operation

    What we learned was... this was a long-term, at least six-month intelligence operation.

    Michael Lewellen

  • Attackers used fully constructed identities to build trust

    They had fully constructed identities, including employment histories, public facing credentials and professional networks.

    Laura Shin

  • DPRK actors deposited capital to appear legitimate

    They also deposited $1 million of their own capital.

    Laura Shin

  • Circle didn't freeze stolen USDC for six hours

    Circle declined to freeze the funds while attackers bridged them across chains for six hours during business hours.

    Laura Shin

  • Teams must defend against nation-state level threats

    We have to consider who else might be... being targeted and needs to increase the level of protections they have.

    Michael Lewellen
Want more? Subscribe to go deeper! →

Episode Description

The Drift hack wasn't a one-off exploit. It was a patient operation spanning months, with nation-state actors working the conference circuit. Then Circle let the hackers take the money. Bitcoin’s application layer, Citrea, launched its mainnet, expanding Bitcoin’s utility to privacy, lending, BTC yields, and more. Citrea enables: cBTC: The first trust-minimized Bitcoin on a fully programmable platform. ctUSD: A native stablecoin for Bitcoin, allowing for unified liquidity. Bitcoin Capital Markets bringing demand, and utility to the Bitcoin Network. Explore the Citrea Ecosystem. http://citrea.xyz/unchained =============================================================================== Ether.fi is giving Unchained listeners 15% cashback on food and ride apps — and that's on top of the 3% you get on everything else. Your bank is charging you to use your own money. Laura switched and loves her card! Go to http://ether.fi/unchained to claim your offer. =============================================================================== The Drift hack looked like a typical smart contract exploit until the postmortem revealed something far more elaborate: a six-month DPRK intelligence operation involving in-person social engineering at crypto conferences, fully constructed professional identities, and a $1 million deposit to build trust. Then, after $232 million in USDC was stolen, Circle declined to freeze the funds while attackers bridged them across chains for six hours during business hours. Michael Lewellen from Turnkey and Amanda Wick from VerifyVASP tackle what the Drift compromise teaches about operational security in crypto, why Circle's decision raises hard questions about stablecoin issuer responsibility, and whether the legal framework is forcing companies to choose between compliance and doing what's right. Host: Laura Shin, Host / Unchained Guests: ⁠⁠⁠⁠Amanda Wick, Head of Americas at VerifyVASP ⁠⁠⁠⁠Michael Lewellen, Head of Solutions Engineering at Turnkey Learn more about your ad choices. Visit megaphone.fm/adchoices

Featured in Category Feeds

Macro Pods

More from Unchained

View all episodes →

Stay in the Loop

Get Unchained summaries and more, delivered free.