Crypto attorney says Drift incident may qualify as 'civil negligence'

The $280 million Drift Protocol attack was likely carried out by threat actors aligned with North Korea state-affiliated hackers.

The hack of the Solana-based decentralized finance (DeFi) platform Drift Protocol could have been prevented if standard operational security procedures were followed by the Drift team, and may constitute “civil negligence,” according to attorney Ariel Givner.

“In plain terms, civil negligence means they failed their basic duty to protect the money they were managing,” Givner said in response to the post-mortem update provided by the Drift team and how it handled Wednesday’s $280 million exploit.

The Drift team failed to follow “basic” security procedures, including keeping signing keys on separate, “air-gapped” systems that are never used for developer work, and conducting due diligence on blockchain developers met through industry conferences.

Read more