Kane Warwick hosts this Unchained episode of Uneasy Money with co-hosts Taylor Monahan (security expert) and Luca Netz (Pudgy Penguins founder) to discuss the Drift Protocol hack and the Claude Code source leak.
The conversation covers the $250+ million Drift Protocol compromise, carried out with stolen admin keys: the attackers bypassed withdrawal limits by creating new markets and updating protocol parameters.
They explore the broader implications of DPRK supply chain attacks, particularly the compromise of the Axios dependency, which reached millions of computers and began with social engineering.
The discussion shifts to the Claude Code source leak, which offers a look at agent-driven development in which no code is older than six months, highlighting the rapid pace of AI-powered software development.
Drift Protocol's $250M Admin Key Compromise
The Drift Protocol hack involved compromised admin keys that locked the team out of its own freeze functions; the attackers then created new CBT markets and raised withdrawal thresholds in order to drain the pools.
"This definitely doesn't feel like a vibe coding. Like, this is not like a hack, there's a key compromise" - Kane, noting that this was an administrative key compromise rather than a smart contract exploit.
Solana's built-in withdrawal limits forced the attackers to do more work than a typical key-compromise hack requires: they had to update parameters before executing the drain.
Circle's policy of freezing USDC only on court orders creates delays compared with Tether's internal decision-making process for emergencies.
DPRK Supply Chain Attack Through Axios Compromise
DPRK hackers compromised the Axios JavaScript dependency, which reaches 100 million computers weekly, in a supply chain attack that followed their Microsoft Teams social engineering playbook.
"The second I saw the stuff, I made a lot of calls to get the full set of indicators for recent DPRK stuff" - Taylor, on investigating possible connections between the attacks.
Open source maintainers are exposed because they assume core contributors' devices are secure, yet session tokens saved locally can be stolen once a device is compromised.
DPRK malware includes heartbeat pings every 60 seconds asking "yo, DPRK, is there anything you want me to do?" and can remain dormant for months before activation.
Traditional antivirus cannot detect sophisticated DPRK malware; endpoint detection and response (EDR) products such as CrowdStrike are necessary for crypto companies and other high-value targets.
Claude Code Source Leak Reveals Agent-Driven Development
Claude Code's entire 500,000-line codebase was leaked after sitting in a repository for three months, and Boris Cherny has stated that no code in it is older than six months.
"There is not a single line of code in Claude Code that is more than six months old" - Boris Cherny on the Y Combinator podcast, highlighting the pace of iteration.
The leak reveals system prompts that repeatedly state "don't do illegal things", showing that brute-force repetition is the current state of the art for AI safety.
The leaked code is the "harness" that sits above the model itself: tool use, agent loops, and token caching optimizations rather than the model weights.
Kane predicts Anthropic will release a new model soon to make the leaked code obsolete, since models are "quite idiosyncratic" and each needs different prompting strategies.
Security Best Practices for Crypto Organizations
SEAL 911 operates as a donation-funded volunteer coordination network of 50+ security experts providing emergency response for crypto incidents.
"If you ever like need help with anything that's like slightly security plus crypto... the odds that you have anyone better than Seal 911 is zero" - Taylor on emergency response capabilities.
Dependency pinning and a minimum age requirement (7+ days) for new package versions can prevent supply chain attacks by giving the community time to detect malicious code before it is installed.
Using separate devices for different functions, and rotating through multiple MacBooks, provides essential isolation for crypto executives and developers.
Business email compromise (BEC) attacks redirect millions by infiltrating email threads and changing payment instructions, as in a $2M VC investment theft discussed on the show.
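The pinning-plus-minimum-age rule above is easy to check mechanically. The following Node script is an added example, not code from the podcast, from Axios or from any project discussed; it audits a package.json-style dependency map for two things: each version spec is an exact version (no ^ or ~ range), and the pinned version has been on the registry for at least seven days. The registry data is constructed inline and only mirrors the shape of the npm registry's "time" field (a map of version to ISO publish date), so the script runs offline; the package names and dates are made up for the demonstration.

```javascript
// Added example: audit dependencies for exact pinning and a minimum release age.
// Registry metadata is constructed inline in the shape of the npm registry's
// "time" field ({ "<version>": "<ISO publish date>" }); no network access.

const MIN_AGE_DAYS = 7;

// Constructed sample dependency map (not from any real project).
const sampleDependencies = {
  "left-pad-ish": "1.3.0", // pinned and published long ago: passes
  "fresh-lib": "2.0.1",    // pinned but published one day ago: flagged
  "floaty": "^4.2.0",      // caret range, not pinned: flagged
};

// Constructed registry "time" metadata, keyed by package name.
const sampleRegistryTime = {
  "left-pad-ish": { "1.3.0": "2024-01-10T12:00:00.000Z" },
  "fresh-lib": {
    "2.0.0": "2024-01-01T00:00:00.000Z",
    "2.0.1": "2024-03-01T12:00:00.000Z",
  },
  "floaty": { "4.2.0": "2023-12-01T00:00:00.000Z" },
};

// Exact semver (optionally with a prerelease tag); anything else is a range.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;

function isPinned(spec) {
  return EXACT_VERSION.test(spec);
}

function ageInDays(publishedIso, now) {
  return (now.getTime() - Date.parse(publishedIso)) / 86_400_000;
}

// Returns one finding per dependency that violates the policy.
// Problems: "not-pinned", "unknown-version" (not in registry data), "too-new".
function auditDependencies(dependencies, registryTime, now, minAgeDays = MIN_AGE_DAYS) {
  const findings = [];
  for (const [name, spec] of Object.entries(dependencies)) {
    if (!isPinned(spec)) {
      findings.push({ name, spec, problem: "not-pinned" });
      continue;
    }
    const published = registryTime[name] && registryTime[name][spec];
    if (!published) {
      // Fail closed: a version we cannot date is not allowed through.
      findings.push({ name, spec, problem: "unknown-version" });
      continue;
    }
    const age = ageInDays(published, now);
    if (age < minAgeDays) {
      findings.push({ name, spec, problem: "too-new", ageDays: Math.floor(age) });
    }
  }
  return findings;
}

function main() {
  // Fixed reference date so the demo output is deterministic (constructed).
  const now = new Date("2024-03-02T12:00:00.000Z");
  const findings = auditDependencies(sampleDependencies, sampleRegistryTime, now);
  if (findings.length === 0) {
    console.log("all dependencies pinned and older than", MIN_AGE_DAYS, "days");
  }
  for (const f of findings) {
    const extra = f.ageDays !== undefined ? ` (published ${f.ageDays} day(s) ago)` : "";
    console.log(`${f.name}@${f.spec}: ${f.problem}${extra}`);
  }
}

main();
```

In a real pipeline the registry map would come from a fetch of https://registry.npmjs.org/<package> (its "time" object) for each dependency in the lockfile, and the audit would run in CI before install. The unknown-version branch fails closed on purpose: a version the registry cannot date is exactly the kind of entry a poisoned lockfile would contain. Package managers have started shipping a built-in equivalent of the age check (pnpm's minimumReleaseAge setting), which is preferable to a hand-rolled script where available.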