Elliptic: $285M Drift Protocol Exploit Likely Linked to North Korea
Plus, FulcrumSec dumps full MyComplianceOffice dataset after failed negotiations.

Good morning! Here’s what’s up.

People
Mike Prado, Deputy Assistant Director of the DHS Homeland Security Investigations Cyber Crimes Center, announced his retirement from federal law enforcement after 24 years of service.
Whitney Lee has joined Apple as senior cybersecurity counsel. Previously, she was with Morrison Foerster’s Data, Cyber + Privacy practice.

Clips ✂️
Elliptic flags $285 million Drift exploit as a likely North Korea-linked operation
Elliptic said Thursday the $285 million Drift Protocol exploit, the largest this year, carries “multiple indicators” of involvement by North Korea’s state-sponsored DPRK hacker groups.
The research firm pointed specifically to onchain behavior, laundering methodologies and network-level signals, all of which align with previous state-linked attacks.
…
“If confirmed, this incident would represent the eighteenth DPRK act Elliptic has tracked this year, with over $300 million stolen so far,” the report said.
“It is a continuation of the DPRK’s sustained campaign of large-scale cryptoasset theft, which the U.S. government has linked to the funding of its weapons programs. DPRK-linked actors are believed to be responsible for billions of dollars in cryptoasset theft in recent years,” Elliptic added.
Hours earlier, Arkham data showed that over $250 million had been moved from Drift to an interim wallet, then to various other addresses.
FulcrumSec Dumps Full MyComplianceOffice Dataset After Failed Negotiations
A compliance technology vendor trusted with some of the most sensitive communications in financial services has allegedly been gutted. FulcrumSec, a threat actor with 13 claims dating back to October 2025, published what it claims is the complete dataset from a breach of MyComplianceOffice, a New York-based RegTech firm serving more than 1,500 financial services firms across 125 countries. The full release dropped March 31, three weeks after a preview post that the group says was MCO’s last chance to resolve the situation quietly.
MCO’s platform is used by regulated financial institutions to archive and monitor employee communications, including emails, Bloomberg and Reuters trader chats, Microsoft Teams messages, ICE Chat logs, Skype conversations, SMS messages, and Zoom and Teams meeting recordings. That is exactly what FulcrumSec claims to have walked out with.
Boards feel confident overall, but many are less certain on cyber, AI and compliance
New research from The Corporate Governance Institute suggests board confidence remains high in general, but drops sharply on the governance issues now under the greatest scrutiny, including cyber security, AI, ESG and regulatory compliance.
Boards may feel broadly confident in their oversight, but new research suggests that assuredness often weakens when directors are asked about the governance issues now shaping business resilience.
That is the central finding from Boardroom Resilience in 2026: Independent Research Into Board Readiness, Risk and Strategy, a new white paper from The Corporate Governance Institute, based on a survey of 500 board directors and c-suite executives across the UK and Republic of Ireland.
FINRA launches threat-sharing portal for cyber and fraud intelligence
FINRA has launched a new intelligence-sharing portal designed to help broker-dealers swap timely information on cybersecurity and fraud threats and coordinate responses, as scams and account intrusions continue to pressure firms and investors.
The platform, called the Financial Intelligence Fusion Center, is a secure portal that allows FINRA and its member firms to share threat intelligence, including indicators tied to cyber incidents and fraud schemes. FINRA said the center will collect, analyze and disseminate intelligence to help firms spot threats sooner and respond faster.
…
The move is a signal that regulators and market plumbing providers are leaning harder into faster information sharing – especially for attacks that spread across firms, such as credential phishing, vendor compromises and copycat fraud campaigns.
Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organizations are underprepared for it.
Cynomi's new guide, Securing the Modern Perimeter: The Rise of Third-Party Risk Management, makes the case that TPRM is no longer a compliance formality. It's a frontline security challenge and a defining growth opportunity for MSPs and MSSPs who get ahead of it.
The Modern Perimeter Has Expanded
For decades, cybersecurity strategy revolved around a defined perimeter. Firewalls, endpoint controls, and identity management systems were deployed to protect assets within a known boundary.
That boundary has dissolved.
Akira ransomware group can go from initial access to data encryption in less than an hour
The Akira ransomware group has compromised hundreds of victims over the past year with a well-honed attack lifecycle that has whittled down the time from initial access to encryption of data to less than four hours, according to cybersecurity firm Halcyon.
Akira has been active since 2023, racking up at least $245 million in ransom payments from victims through September 2025. The cybercriminal outfit likely includes former members and affiliates of the now-defunct Conti ransomware group, and is known for its polished approach to digital extortion.
A primary example can be found in the efficiency of Akira’s infection cycle, which has reduced incident response times to hours. According to Halcyon, Akira is known for using zero-day vulnerabilities, buying exploits from initial access brokers and exploiting VPNs lacking multifactor authentication to infect their victims. Akira also uses a process known as “intermittent encryption,” whereby large files can be encrypted faster in smaller blocks.
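The “intermittent encryption” mentioned above has a detection-side consequence: a file encrypted block by block does not show the uniformly high entropy of a fully encrypted file, but an alternating high/low entropy profile. The Python scan below is an added illustration (not code from the page, from Halcyon, or from any ransomware sample) of how a forensic triage or file-integrity check can distinguish the two. The chunk size, the entropy thresholds and the three in-memory sample “files” are constructed assumptions, not measured values from any incident.

```python
import math
import random

CHUNK_SIZE = 4096       # assumption: scan granularity; real tooling would tune this
HIGH_ENTROPY = 7.0      # assumption: bits/byte at or above which a chunk looks encrypted
LOW_ENTROPY = 6.0       # assumption: bits/byte below which a chunk looks like plaintext


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def chunk_entropies(data: bytes, chunk_size: int = CHUNK_SIZE) -> list:
    """Entropy of each fixed-size chunk, in file order."""
    return [shannon_entropy(data[i:i + chunk_size])
            for i in range(0, len(data), chunk_size)]


def classify(entropies: list) -> str:
    """Label a file from its per-chunk entropy profile.

    high_entropy  - every chunk looks encrypted (or compressed: see usage note)
    low_entropy   - no chunk looks encrypted
    intermittent  - repeated high/low alternation, the block-wise encryption signature
    partial       - a single transition, more consistent with an encrypted header/trailer
    """
    if not entropies:
        return "empty"
    high = [e >= HIGH_ENTROPY for e in entropies]
    if all(high):
        return "high_entropy"
    if not any(high):
        return "low_entropy"
    transitions = sum(1 for a, b in zip(high, high[1:]) if a != b)
    return "intermittent" if transitions >= 2 else "partial"


def make_samples(seed: int = 1) -> dict:
    """Constructed in-memory files for the demo (not real artifacts from any case)."""
    rng = random.Random(seed)
    sentence = b"Quarterly report: revenue, headcount, and compliance notes. "
    plain = (sentence * 1100)[: CHUNK_SIZE * 16]            # 16 chunks of repetitive text
    noise = bytes(rng.getrandbits(8) for _ in range(CHUNK_SIZE * 16))  # stand-in for ciphertext
    # Alternate one "encrypted" chunk with one plaintext chunk, as a block-wise scheme would.
    interleaved = b"".join(
        noise[i:i + CHUNK_SIZE] if (i // CHUNK_SIZE) % 2 == 0 else plain[i:i + CHUNK_SIZE]
        for i in range(0, CHUNK_SIZE * 16, CHUNK_SIZE)
    )
    return {"plain": plain, "noise": noise, "interleaved": interleaved}


def scan(files: dict) -> dict:
    """Map each file name to its classification label."""
    return {name: classify(chunk_entropies(data)) for name, data in files.items()}


if __name__ == "__main__":
    for name, label in scan(make_samples()).items():
        print(f"{name:12s} -> {label}")
```

Two caveats for anyone adapting this: legitimately compressed or already-encrypted formats (archives, media, encrypted databases) are high entropy by nature, so the `high_entropy` label is a prompt for a format check rather than a verdict, and the thresholds should be calibrated against a baseline of the organisation’s own file types before the `intermittent` label is wired into an alert.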

SPONSORED BY

Incident Response Forum D.C. 2026 is set for Wednesday, April 22, 2026 at the historic Mayflower Hotel in Washington, D.C.!
Incident Response Forum is the only conference of its kind, bringing together hundreds of cybersecurity and incident response attorneys, in-house counsel and compliance executives, and other top professionals in the field. It is focused solely on the field of Incident Response – the work that begins after a data breach that has quickly become the fastest growing practice area at law firms and consulting firms – and is geared specifically for the legal and compliance professionals who have emerged as critical players during the aftermath of a data security incident.
Join us in person or tune in virtually to hear from nearly 50 luminaries in the incident response field—including senior officials from the DOJ and FBI, and lawyers and consultants from the best firms in the world.
👉Please register here:
