In a recent tweet, XRP Ledger validator Vet warns XRP builders to stay alert after a sophisticated social engineering scam drained Solana’s Drift protocol of $280 million.
On April 2, the crypto market woke up to the news of the largest DeFi hack of 2026 and the second largest exploit in Solana’s history, behind only the $326 million Wormhole bridge hack in 2022.
Attackers drained approximately $285 million in user assets from the largest decentralized perpetual futures exchange on Solana, Drift Protocol on April 1, with the attack happening in about 12 minutes. Most of the stolen funds were bridged to Ethereum hours after.
HOT Stories
Bitcoin Surges Past $69K, $196M Worth of Shorts Liquidated
XRP in Near-Zero Territory, Triple Bitcoin (BTC) Resistance Ahead, Cardano (ADA) Needs Shocking Capital Injection: Crypto Market Review
The critical vulnerability was not a smart contract bug but a combination of social engineering multisig signers into presigning hidden authorizations and a zero-timelock Security Council migration that eliminated the protocol’s last line of defense.
XRP community reacts
On April 5, Drift Protocol shared a background update about the incident, sharing further details. XRP Ledger validator Vet engaged with Drift Protocol’s update on the incident, triggering a warning to the XRP community.
Vet highlighted that the level of social engineering that led to a $280 million exploit of the Drift Protocol remains mind-boggling. He says this marks an important lesson for XRP builders as well.
The XRP Ledger validator highlighted a surprising part of the whole incident, which was planned for about six months. The perpetrators built trust in this time frame and even contributed $1 million to a vault.
“Over six months they approached key protocol developers at conferences, befriended them, face-to-face meetings, showed them what they build over months at various conferences, established group chats and even contributed $1M to a vault,” Vet wrote.
However, “one testflight app, a cloned repository and a known vscode/cursor vulnerability later,” they had the foundation to execute the attack, Vet noted.
Vet notes that all major XRP projects have the credentials to their ops accounts, repository merge access and backend systems, adding that only the paranoid ones will survive. He urges caution among XRPL users amid an increasing number of builders enabled by vibe-coded projects and rising XRP IRL events.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
