The recent $280 million exploit of Solana-based decentralized finance (DeFi) platform Drift Protocol raises serious questions about operational security practices within the crypto industry. According to attorney Ariel Givner, the breach could have been prevented if the Drift team had adhered to standard security protocols, and their failure may constitute “civil negligence.”
Attorney Alleges “Civil Negligence” Over Basic Security Failures
“In plain terms, civil negligence means they failed their basic duty to protect the money they were managing,” Givner stated, referencing Drift’s own post-mortem report. She contends the team ignored fundamental security measures that are considered mandatory for any project handling significant user funds.
Givner points to specific oversights, including the failure to keep critical signing keys on dedicated, air-gapped systems completely separate from developer workstations. She also criticizes the lack of due diligence when onboarding new developers, particularly those met at industry events.
Source: Ariel Givner
“Every serious project knows this. Drift didn’t follow it,” she said, emphasizing the known threat landscape. “They knew crypto is full of hackers, especially North Korean state teams.” Givner detailed a pattern of risky behavior: “Yet their team spent months chatting on Telegram, meeting strangers at conferences, opening sketchy code repos, and downloading fake apps on devices tied to multisignature controls.”
The legal commentary appears prescient. Advertisements for potential class action lawsuits against Drift Protocol are already circulating, signaling growing pressure from affected users. Cointelegraph reached out to the Drift team for comment but did not receive a response by publication.
The incident serves as a stark reminder that social engineering and targeted infiltration are primary attack vectors in crypto. These tactics bypass technical safeguards by exploiting human trust, leading to compromised developer systems and the direct drainage of user funds, which can permanently damage platform credibility.
Drift’s Timeline: A Six-Month Social Engineering Campaign
In its official update, Drift Protocol confirmed the attack was meticulously planned over approximately six months. The threat actors first approached team members at a major crypto conference in October 2025, feigning interest in protocol integrations and collaboration.
Over the following months, the attackers built rapport with the development team. Once trust was established, they began sending malicious links and distributing malware that eventually compromised developer machines. Notably, Drift reported with “medium-high confidence” that the same group responsible for the October 2024 Radiant Capital hack executed this attack.
The Radiant Capital incident involved a similar modus operandi: a North Korea-aligned hacker, posing as an ex-contractor, sent malware via Telegram to infiltrate the project. In Drift’s case, the individuals who physically approached developers at the conference were not North Korean nationals but are suspected of acting on behalf of state-affiliated hacking groups.



