Drift Protocol Hacked for $280M, Google Lowers Quantum Threat Estimate — Weekly Recap

Bitcoin Holds at $67,000 Amid Range-Bound Trading

The leading cryptocurrency spent the week confined to a narrow range, opening and closing near $67,000. Throughout the seven-day period, BTC repeatedly tested the $65,000–$70,000 corridor without establishing a breakout in either direction.

Trading volumes remained elevated during the first half of the week. By Thursday, bullish momentum had evaporated entirely: the price dropped from $69,000 to $66,000 within hours, briefly touching a local low near $65,000. From Friday onward, Bitcoin stabilized around $67,000 with minimal volatility.

Glassnode pointed to Bitcoin's stagnation, noting the absence of a catalyst for a breakout.

The broader crypto market tracked Bitcoin closely. Ethereum gained 1.5%, while BNB and SOL each declined 4%.

Digital assets continue to react sharply to the Middle East conflict, with additional uncertainty stemming from U.S. President Donald Trump's ambiguous statements about the timeline for ending the war with Iran. QCP Capital suggested that rising oil prices could reinforce Bitcoin's store-of-value narrative.

Spot Bitcoin ETF flows were nearly neutral at $22 million in net inflows, while Ethereum funds saw $42 million in outflows.

Total crypto market cap stands at $2.37 trillion. BTC dominance is 56.3%, ETH at 10.3%. The Crypto Fear & Greed Index remains in extreme fear territory at 12.

Drift Protocol: $280M Hack Traced to North Korea

On April 1, Solana-based DeFi platform Drift Protocol suffered a devastating cyberattack. Hackers extracted approximately $280 million by compromising the protocol's multisignature mechanism. The breach affected lending, trading, and vault deposits. Only DSOL tokens outside the Drift ecosystem and Insurance Fund assets were spared. The protocol suspended all operations.

Cybersecurity analysts subsequently attributed the attack to North Korean hackers. The attackers not only compromised the multisig but re-exploited it after security changes, leveraging a delayed signing mechanism.

The Drift team published its own investigation findings over the weekend. According to their report, the attackers spent six months preparing. In autumn 2025, individuals posing as representatives of an unnamed trading firm approached the Drift team at a conference. After an initial meeting, both sides created a Telegram group and spent months discussing trading strategies and potential vault integration. Communication ceased around late March, and all contacts were deleted after the attack.

The evidence linked the incident to UNC4736 — a North Korean state-sponsored group also known as AppleJeus or Citrine Sleet. This same group allegedly perpetrated the $50 million-plus Radiant Capital hack in October 2024.

Why This Matters

The Drift Protocol breach is potentially one of the largest DeFi exploits by stolen value. It highlights the vulnerability of multisig mechanisms and demonstrates the escalating sophistication of state-sponsored hacking operations. The six-month social engineering campaign sets a new benchmark for threats facing the crypto industry and raises urgent questions about operational security standards in DeFi.

Anthropic's Claude Code Source Leaked

AI startup Anthropic experienced a source code leak of its programming tool Claude Code. The published data revealed the solution's full architecture, including query management systems, multi-assistant coordination, access controls, and authorization workflows.

The code contained 44 unannounced features, including a persistent background system called Kairos and an AI pet named Buddy. Enthusiasts quickly launched OpenClaude, an open-source fork with support for Anthropic's API and OpenAI-compatible models.

Anthropic stated that no customer data was exposed and that the leak occurred during release packaging. During cleanup efforts, the team accidentally deleted thousands of GitHub repositories. This marked Anthropic's second leak in recent weeks — earlier, a description of an upcoming AI model surfaced, which company representatives described as a "quantum leap" in performance.

GENIUS Act: U.S. Launches Stablecoin Regulation Framework

The U.S. Treasury began implementing the GENIUS Act, publishing an 87-page document outlining stablecoin regulatory regimes. Issuers with less than $10 billion in circulation can opt for state-level regulation, provided they meet federal standards.

Requirements are split into two categories: uniform rules (reserve backing, AML/KYC compliance) and state-calibrated standards (capital requirements, risk management). Issuers must publish monthly reports on reserve composition.

Simultaneously, the U.S. Department of Labor proposed rules allowing cryptocurrencies in 401(k) retirement plans, reversing 2022-era restrictions. The framework creates a "safe harbor" for plan managers, tying fiduciary responsibility to assessment quality rather than investment outcomes.

Senators Bill Cassidy and Cynthia Lummis also introduced the Mined in America Act, proposing mining industry reform, a strategic Bitcoin reserve, and domestic equipment manufacturing.

Quantum Threat: Google Cuts Estimates by 20x

Google researchers concluded that breaking Bitcoin and Ethereum's cryptographic protections may require fewer than 500,000 physical qubits — 20 times lower than previous estimates.

The team tested two schemes on a superconducting cryptographically relevant quantum computer. One used 1,200 logical qubits and 90 million Toffoli gates; the other employed approximately 1,450 logical qubits and 70 million gates. Under standard hardware assumptions, computations would take 9 to 12 minutes — within the average Bitcoin block time of 10 minutes, enabling a theoretical "on-spend attack."

Ethereum faces a structurally greater risk. Its account model is inherently vulnerable to "at-rest attacks" because public keys are permanently stored on-chain after transactions. Researchers called this "a systemic, unavoidable vulnerability that cannot be mitigated by user behavior without a network-wide transition to post-quantum cryptography."

Google estimated that the 1,000 largest vulnerable addresses (holding ~20.5 million ETH) could be compromised in under nine days. Study co-author and Ethereum researcher Justin Drake said his confidence in Q-Day arriving by 2032 had "grown significantly," estimating roughly a 10% probability that a quantum computer capable of deriving a private key from a public one will exist by then.

Other Notable Events

• A Bitcoin whale realized a $55 million loss selling 1,102 BTC
• Riot Platforms sold $289 million in Bitcoin to fund AI infrastructure development
• Nakamoto sold 284 BTC at a 40% loss
• A solo miner discovered a Bitcoin block and earned $210,000
• Russia banned Bitcoin mining for five years in the Buryatia and Zabaikalye regions
• Fidelity analysts characterized Bitcoin's 52% decline as a sign of market maturation