{ "id": 68005, "date": "2026-04-06T08:41:47", "date_gmt": "2026-04-06T01:41:47", "guid": { "rendered": "https:\/\/hbbgroup.net\/crypto-attorney-says-drift-incident-may-qualify-as-civil-negligence\/" }, "modified": "2026-04-06T08:41:47", "modified_gmt": "2026-04-06T01:41:47", "slug": "crypto-attorney-says-drift-incident-may-qualify-as-civil-negligence", "status": "publish", "type": "post", "link": "https:\/\/hbbgroup.net\/en_us\/crypto-attorney-says-drift-incident-may-qualify-as-civil-negligence\/", "title": { "rendered": "Crypto attorney says Drift incident may qualify as ‘civil negligence’" }, "content": { "rendered": "
\n

The hack of the Solana-based decentralized finance (DeFi) platform Drift Protocol could have been prevented if standard operational security procedures were followed by the Drift team, and may constitute \u201ccivil negligence,\u201d according to attorney Ariel Givner.<\/p>\n

\u201cIn plain terms, civil negligence means they failed their basic duty to protect the money they were managing,\u201d Givner said<\/a> in response to the post-mortem update<\/a> provided by the Drift team and how it handled Wednesday\u2019s $280 million exploit<\/a>.<\/p>\n

The Drift team failed to follow \u201cbasic\u201d security procedures, including keeping signing keys on separate, \u201cair-gapped\u201d systems that are never used for developer work, and conducting due diligence on blockchain developers met through industry conferences.<\/p>\n

\"Cybercrime,
Source: <\/em>Ariel Givner<\/em><\/a><\/figcaption><\/figure>\n

\u201cEvery serious project knows this. Drift didn\u2019t follow it,\u201d she said, adding, \u201cThey knew crypto is full of hackers, especially North Korean state teams.\u201d Givner continued:\u00a0<\/p>\n

\u201cYet their team spent months chatting on Telegram, meeting strangers at conferences, opening sketchy code repos, and downloading fake apps on devices tied to multisignature controls.\u201d<\/p><\/blockquote>\n

Advertisements for class action lawsuits against Drift Protocol are already circulating, she said<\/a>. Cointelegraph reached out to the Drift Team but did not receive a response by the time of publication.<\/p>\n

\"Cybercrime,
Source: <\/em>Ariel Givner<\/em><\/a><\/figcaption><\/figure>\n

The incident is a reminder that social engineering and project infiltration by malicious actors <\/a>are major attack vectors for cryptocurrency developers that could drain user funds and permanently erode customer trust in compromised platforms.<\/p>\n

Related: <\/strong><\/em>Drift explains $280M exploit as critics question Circle over USDC freeze<\/strong><\/em><\/a><\/p>\n

Drift Protocol says attack took \u201cmonths\u201d of planning<\/h2>\n

The Drift Protocol team published an update on Saturday outlining how the exploit occurred and claimed that the attackers planned the attack for six months<\/a> before execution.<\/p>\n

Threat actors first approached the Drift team at a \u201cmajor\u201d crypto industry conference in October 2025, expressing interest in protocol integrations and collaboration.<\/p>\n

\n

The malicious actors continued to build rapport with the Drift development team in the ensuing six months, and once enough trust was built, they began sending the Drift team malicious links and embedding malware that compromised developer machines.<\/p>\n

These individuals, who are suspected of working for North Korea state-affiliated hackers and physically approached the Drift developers, were not North Korean nationals, according to the Drift team.<\/p>\n<\/div>\n

Drift said<\/a>, with \u201cmedium-high confidence,\u201d that the exploit was carried out by the same actors behind the October 2024 Radiant Capital hack.<\/p>\n

In December 2024, Radiant Capital\u00a0said the exploit<\/a>\u00a0was carried out through malware sent via Telegram from a North Korea-aligned hacker posing as an ex-contractor.\u00a0<\/p>\n

Magazine: <\/strong><\/em>Meet the hackers who can help get your crypto life savings back<\/strong><\/em><\/a><\/p>\n