Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.
In a recent tweet, XRP Ledger validator Vet warns XRP builders to stay alert after a sophisticated social engineering scam drained Solana's Drift protocol of $280 million.
On April 2, the crypto market woke up to the news of the largest DeFi hack of 2026 and the second largest exploit in Solana's history, behind only the $326 million Wormhole bridge hack in 2022.
Attackers drained approximately $285 million in user assets from the largest decentralized perpetual futures exchange on Solana, Drift Protocol on April 1, with the attack happening in about 12 minutes. Most of the stolen funds were bridged to Ethereum hours after.
The critical vulnerability was not a smart contract bug but a combination of social engineering multisig signers into presigning hidden authorizations and a zero-timelock Security Council migration that eliminated the protocol's last line of defense.
XRP community reacts
On April 5, Drift Protocol shared a background update about the incident, sharing further details. XRP Ledger validator Vet engaged with Drift Protocol's update on the incident, triggering a warning to the XRP community.
Vet highlighted that the level of social engineering that led to a $280 million exploit of the Drift Protocol remains mind-boggling. He says this marks an important lesson for XRP builders as well.
The XRP Ledger validator highlighted a surprising part of the whole incident, which was planned for about six months. The perpetrators built trust in this time frame and even contributed $1 million to a vault.
"Over six months they approached key protocol developers at conferences, befriended them, face-to-face meetings, showed them what they build over months at various conferences, established group chats and even contributed $1M to a vault," Vet wrote.
However, "one testflight app, a cloned repository and a known vscode/cursor vulnerability later," they had the foundation to execute the attack, Vet noted.
Vet notes that all major XRP projects have the credentials to their ops accounts, repository merge access and backend systems, adding that only the paranoid ones will survive. He urges caution among XRPL users amid an increasing number of builders enabled by vibe-coded projects and rising XRP IRL events.
Dan Burgin
U.Today Editorial Team
Vladislav Sopov
