A legal expert alleges that the $280 million exploit of the Solana-based Drift Protocol resulted from a failure to follow basic security procedures, which may constitute civil negligence. Attorney Ariel Givner stated the team did not properly secure signing keys and conducted insufficient due diligence on developers. The Drift team’s investigation indicates the sophisticated attack involved months of social engineering by actors linked to previous major hacks.
Attorney Ariel Givner contends the massive exploit of the Drift Protocol could have been prevented with standard security practices. “In plain terms, civil negligence means they failed their basic duty to protect the money they were managing,” she stated in response to the team’s post-mortem report.
Givner asserted the Drift team neglected fundamental measures like keeping signing keys on air-gapped systems. She also criticized their due diligence on developers met at industry conferences, a failure she said every serious project understands.
“They knew crypto is full of hackers, especially North Korean state teams,” Givner said. She claimed the team spent months chatting on Telegram and meeting strangers, which led to compromised devices containing multisignature controls.
Advertisements for class action lawsuits against the platform are already circulating, Givner mentioned. The incident highlights social engineering and project infiltration as critical threats to cryptocurrency platforms.
The Drift Protocol team’s update outlined a meticulously planned six-month attack. Threat actors initially approached developers at a major conference in October 2025 under the guise of seeking collaboration.
After building rapport, the actors sent malicious links and embedded malware on developer machines. The team stated with “medium-high confidence” that the same actors behind the October 2024 Radiant Capital hack executed this exploit.
Radiant Capital previously stated its hack involved malware sent via Telegram from a North Korea-aligned hacker. The Drift team noted the individuals who physically approached them were not North Korean nationals.
