Ledger CTO: The Drift attack method is similar to the Bybit hacking incident, and the attacker may be a North Korean hacker

Ledger's Chief Technology Officer Charles Guillemet stated that the attack method used in the Drift Protocol exploit is similar to the 2025 Bybit hacking incident, which is widely believed to be linked to North Korean hackers.

Guillemet pointed out that this attack did not target any smart contracts; instead, the attackers infiltrated the devices of multi-signature signers over a long period, tricking them into approving malicious transactions. The signers may have always thought they were authorizing legitimate operations. He emphasized that the root of the problem lies in the lack of security at the personnel and operational levels, rather than in the code itself.