The hack of Solana-based DeFi platform Drift Protocol could have been prevented if standard operational security had been followed, and may amount to “civil negligence,” attorney Ariel Givner said.
“In plain terms, civil negligence means they failed their basic duty to protect the money they were managing,” Givner wrote in response to Drift’s post-mortem update on Wednesday’s $280 million exploit.
Givner said Drift failed to adopt “basic” security practices such as keeping signing keys on separate, air-gapped systems never used for developer work, and conducting due diligence on developers met at industry conferences. “Every serious project knows this. Drift didn’t follow it,” she added, noting the industry’s known risk from hackers, “especially North Korean state teams.”
Givner also accused the team of lax operational habits: months of chatting on Telegram, meeting strangers at conferences, opening dubious code repositories, and downloading fake apps on devices tied to multisignature controls. Advertisements for class action lawsuits against Drift are already circulating, she noted. Cointelegraph contacted the Drift team but had not received a response by publication.
The incident underscores that social engineering and project infiltration are major attack vectors that can drain user funds and permanently damage trust in compromised platforms.
Drift’s update said the attackers planned the exploit for six months. According to the team, threat actors first approached Drift at a “major” crypto industry conference in October 2025, offering integrations and collaboration. Over six months they built rapport, then sent malicious links and embedded malware that compromised developer machines.
Drift said the individuals who physically approached developers, and who are suspected of working for North Korea–affiliated hackers, were not North Korean nationals. The team stated, with “medium-high confidence,” that the same actors were behind the October 2024 Radiant Capital hack, which Radiant said involved malware sent via Telegram by a North Korea–aligned actor posing as an ex-contractor.
