Drift Protocol Hack and Bitcoin Stability

Bitcoin remains steady at $67,000 while Drift Protocol suffers a $280M hack linked to North Korean hackers, and the U.S. begins implementing the GENIUS Act.

Bitcoin stabilized around $67,000, a North Korean group was suspected of attacking Drift Protocol, Anthropic leaked details of a new AI tool, the U.S. began implementing the GENIUS Act, and other events from the past week.

Bitcoin Stays Steady

The leading cryptocurrency ended the week without significant price fluctuations. It started Monday just below $67,000 and closed Sunday at the same level.

Bitcoin made several attempts to break through local resistance and support zones, but each time it resulted in a reversal. High trading volumes persisted during the first half of the week, with digital gold testing levels between $65,000 and $70,000.

By Thursday, the cryptocurrency lost all positive momentum and began to decline. In just a few hours, Bitcoin plummeted from $69,000 to $66,000. On the same day, the asset briefly tested a local low around $65,000.

Since Friday, the coin has remained around $67,000 without showing sharp fluctuations.

The rest of the crypto market followed Bitcoin with minor deviations. Ethereum gained 1.5%, while BNB and SOL each dropped by 4%.

Digital assets, like other markets, continue to react sharply to the conflict in the Middle East. Investors are also feeling additional stress from ambiguous statements by U.S. President Donald Trump regarding the timeline for ending the war with Iran.

Inflows into Bitcoin ETFs were nearly neutral. Spot funds attracted a net $22 million, while Ethereum lost $42 million.

The total cryptocurrency market capitalization stands at $2.37 trillion, with Bitcoin dominance at 56.3% and Ethereum at 10.3%.

The Crypto Fear and Greed Index remains in the extreme fear zone at 12.

Hack Incident

On April 1, the DeFi platform Drift Protocol on Solana was hacked. The attackers managed to withdraw approximately $280 million by compromising multisig wallets.

The attack affected all types of deposits—loans, trading, and those in storage. Tokens DSOL outside the Drift ecosystem and the Insurance Fund remained untouched. For security reasons, the protocol froze its operations.

After some time, cybersecurity analysts concluded that North Korean hackers were behind the breach. The attackers not only compromised the multisig once but hacked it again after system changes and used a delayed signing mechanism.

Over the weekend, the Drift team published details of their investigation, which also suggests North Korea's involvement. The attackers had been preparing for the assault for six months, according to the company.

Representatives of the protocol stated that in the fall of 2025, individuals from an unnamed trading firm approached them at a themed conference expressing a desire to collaborate.

"They possessed technical skills, had verified professional experience, and were familiar with Drift's operational principles. After the first meeting, we created a group in Telegram, followed by months of substantive discussions on trading strategies and potential storage integration," the company noted.

Close communication between developers and the attackers continued until the end of March. After the attack, all group chats and contacts were deleted.

The investigation's findings linked the attack to the UNC4736 group—a North Korean state entity also known as AppleJeus or Citrine Sleet. This same group is believed to have been behind the Radiant Capital hack of over $50 million in October 2024.

The Drift incident could rank among the largest cyberattacks in the crypto industry by damage.

Discussion Topics with Friends

A Bitcoin whale recorded a $55 million loss from selling 1,102 BTC.
A malfunction in Apollo Go robotaxi led to accidents on the roads.
Riot Platforms sold bitcoins worth $289 million to develop AI infrastructure.
Bitcoin mining has been banned for five years in Buryatia and Transbaikalia.

Anthropic Leak Spoilers

The startup Anthropic suffered a leak of part of the source code for its AI programming tool, Claude Code.

The published data fully revealed the architecture of the solution. Specifically, it disclosed how the service:

manages requests to models;
coordinates the work of multiple assistants;
controls access and permissions;
handles authorization.

Additionally, the code contained 44 functions that have not yet been officially introduced. Among them are a constantly active background system called Kairos and an AI pet named Buddy.

Enthusiasts have already launched an open project called OpenClaude based on Anthropic's code. The fork includes support for Anthropic's API and models compatible with the OpenAI interface.

The company clarified that the leak did not expose any confidential client data. The error occurred during the release packaging. However, during the "cleanup" of the leaked data, another issue arose: the project team accidentally deleted thousands of repositories on GitHub.

This incident marks the second leak for Anthropic in recent weeks. Previously, a description of a future AI model and other documents were found in the public domain.

At that time, representatives of the startup stated that the new development represents a "qualitative leap" in performance and is "the most powerful solution to date." It is currently undergoing testing among a limited group of users.

Movement in U.S. Regulation

The U.S. Department of the Treasury has begun implementing the GENIUS Act, releasing an 87-page document outlining the regulatory framework for stablecoins.

According to the GENIUS Act, issuers of "stablecoins" with a supply of less than $10 billion can opt for state-level regulation, provided they comply with federal standards. The rules establish general criteria for evaluation while allowing local authorities discretion in licensing, oversight, and enforcement.

The document divides requirements into two types:

uniform—reserve backing, compliance with AML/CFT;
state-calibrated—where local regulators retain flexibility (e.g., capital and risk management standards).

Issuers are also required to publish reports on reserve composition at least once a month, matching the federal reporting frequency.

Simultaneously, the U.S. Department of Labor proposed new rules for 401(k) retirement plans, allowing the inclusion of alternative assets, including cryptocurrencies.

This initiative aims to reduce regulatory uncertainty by overturning a previous restriction from 2022. The responsibility of managers will now depend on the quality of their assessment of the instruments rather than their ultimate performance.

The document does not directly promote digital assets but creates a "safe harbor" concept for market participants. Investment funds will be able to add Bitcoin, real estate, and other non-standard products without the threat of lawsuits.

Additionally, Senators Bill Cassidy and Cynthia Lummis introduced the Mined in America Act. This bill proposes to reform the U.S. mining industry, establish a strategic Bitcoin reserve, and localize equipment manufacturing.

Also on ForkLog:

Nakamoto sold 284 BTC at a 40% loss.
Ethereum developers proposed to address L2 fragmentation by creating an "economic zone."
Fidelity analysts called Bitcoin's 52% drop a sign of market maturation.
A solo miner mined a Bitcoin block and earned $210,000.

Quantum Fear

Google researchers concluded that a quantum computer may need fewer than 500,000 physical qubits to break Bitcoin and Ethereum's security—20 times fewer than previous estimates.

The specialists assembled two schemes for testing on a superconducting cryptographically relevant quantum computer. One used 1,200 logical qubits and 90 million Toffoli gates, while the other used about 1,450 logical qubits and 70 million gates.

Under standard assumptions about equipment capabilities, calculations would take between nine and 12 minutes, aligning with the average time to create a Bitcoin block (10 minutes). This makes a "spend attack"—a hypothetical threat where an attacker decrypts a private key from a public one revealed during a transaction—possible.

Researchers also warned that the account model in the Ethereum network is structurally vulnerable to "at-rest attacks." Unlike Bitcoin, this threat does not require a time window, as public keys are constantly stored on the blockchain after a transaction.

"This is a systemic, inevitable vulnerability that cannot be mitigated by user behavior without a network-wide transition to post-quantum cryptography," the experts stated.

Google estimated that the 1,000 most vulnerable addresses (holding ~20.5 million ETH) could be hacked in less than nine days.

Co-author of the study and Ethereum researcher Justin Drake stated that his confidence in the so-called Q-Day occurring by 2032 has "significantly increased." He estimates a roughly 10% chance that a quantum computer capable of recovering a private key from a public one will emerge by 2032.

Weekly Recap: Disheartening Quantum Forecast and $280M Drift Protocol Hack