Ariel Givner, an attorney, says the $280 million exploit of Solana-based DeFi platform Drift Protocol could have been avoided if basic operational security had been followed, and that the lapse may amount to civil negligence.
“In plain terms, civil negligence means they failed their basic duty to protect the money they were managing,” Givner wrote in response to Drift’s post-mortem on the attack. She argued the project did not follow widely accepted security practices, including keeping signing keys on separate, air-gapped machines that are never used for normal developer work, and performing due diligence on developers met at industry events.
Givner pointed to a string of operational shortcuts she says left Drift exposed: months of developer communication on Telegram, meeting unknown individuals at conferences, trusting unvetted code repositories, and downloading suspicious apps onto devices connected to multisignature controls. She added that the crypto industry is well aware of persistent threats, “especially North Korean state teams,” and warned that class-action lawsuit advertisements against Drift are already circulating.
Drift’s own update described a prolonged, targeted campaign. The team said the attackers spent roughly six months cultivating access after first approaching developers at a major crypto conference in October 2025, offering integrations and collaboration. Over time the actors built rapport, then sent malicious links and embedded malware that ultimately compromised developer machines and allowed the exploit.
Drift noted the individuals who physically approached developers—suspected of working for North Korea–affiliated groups—were not North Korean nationals. The team said it has “medium-high confidence” that the same actors were linked to the October 2024 Radiant Capital hack; Radiant previously reported malware sent via Telegram by an actor posing as an ex-contractor and aligned with North Korea.
The incident highlights social engineering and project infiltration as effective attack vectors capable of draining user funds and eroding trust in compromised platforms.
Cointelegraph contacted Drift for comment but had not received a response at the time of publication. Readers are encouraged to verify details independently in line with standard journalistic practice.
