
Omer Goldberg
@omeragoldberg
Joined August 2016
289 Following    11K Followers
Chilling read, but none of this is new.

This playbook isn't unique to the DPRK; it's similar to how every intelligence agency and professional group operates.

The thinking is straightforward:
- What are the most valuable targets? In DeFi, TVL is a great proxy.
- What's the exploit surface?
- What's the probability of successful infiltration?
- Can we launder the funds quickly and make a clean getaway?

Once you've identified which targets are worth hitting and how much you can extract, you determine how much you're willing to invest.

Simple math: TVL is $1B. The probability of a successful e2e hack is p = 0.10. EV = 1B * 0.1 = $100M. If I can execute for less than that, it's worth it.

This may look familiar to Oracle folks, because it's the core of determining the cost of market manipulation...

Back to the Drift exploiters: $1M in capital deposited in Drift + a team of assets interfacing with the org over months; I'd wager their all-in cost basis was under $3M? That's a no-brainer bet on a $100M+ expected payoff.

Ofc, all of this is oversimplified, but that's the gist.

Most people think hacking looks like the movies; breaking some crazy cipher or a god-tier algo that defeats all your firewalls and circuit breakers. In reality, humans are typically the weakest link, and social engineering is almost always the easiest way in.

That's why role-based access control, privilege separation, timelocks, monitoring, PagerDuty, and multisig hygiene matter so much. They're not there to prevent the breach; they're there to limit the blast radius when it does.

Do everything to make sure it doesn't happen. But assume it might, and design accordingly.