$280M Vanishes in 12 Minutes-And It Wasn’t Even the Code’s Fault

Somewhere in the sprawling, slightly chaotic bazaar of the internet, where fortunes are made, lost, and occasionally misplaced under the digital sofa, an XRP Ledger validator known as Vet has taken it upon himself to ring a very loud, slightly panicked bell.

In a recent tweet (the modern equivalent of shouting from a rooftop, but with fewer pigeons), he warned XRP builders to remain alert after a social engineering scam so elaborate it practically deserves its own theatrical release quietly relieved Solana’s Drift protocol of a modest $280 million.

On April 2, the crypto market woke up, checked its pockets, and discovered that it had just experienced the largest DeFi hack of 2026. This made it the second biggest mishap in Solana’s history, which is rather like coming second in a competition no one wanted to win in the first place-just behind the $326 million Wormhole bridge hack of 2022.

In a performance that would make even the most efficient burglars weep with admiration, attackers siphoned off approximately $285 million in user assets from Drift Protocol in about 12 minutes. That’s barely enough time to make tea, let alone lose a fortune. Most of the funds were then politely escorted over to Ethereum a few hours later, presumably for safekeeping. By someone. Definitely not the original owners.

Now, here’s the part where things become truly impressive in a deeply concerning sort of way: the vulnerability wasn’t a bug in the smart contract. No, that would have been far too ordinary. Instead, it was a masterclass in social engineering-convincing multisig signers to presign hidden authorizations, combined with a zero-timelock Security Council migration that effectively removed the last safety net. In other words, the digital equivalent of politely asking for the keys and being handed them with a smile.

XRP community reacts

On April 5, Drift Protocol released an update explaining what had happened, presumably while clutching its metaphorical wallet. Vet responded, and in doing so, issued a warning to the XRP community that can best be summarized as: “Perhaps we should all be just a little more paranoid.”

Vet noted that the sheer audacity-and patience-of the operation was astonishing. This wasn’t a smash-and-grab. This was a six-month courtship. The perpetrators attended conferences, made friends, shared ideas, and even contributed $1 million to a vault. One might say they really invested in the relationship.

“Over six months they approached key protocol developers at conferences, befriended them, face-to-face meetings, showed them what they build over months at various conferences, established group chats and even contributed $1M to a vault,” Vet wrote, presumably while resisting the urge to add several exclamation marks.

And then, as all good plots require, came the twist: one testflight app, a cloned repository, and a known vulnerability later, the foundation for the attack was complete. It’s the sort of detail that makes one reconsider accepting friend requests, or indeed friends in general.

Vet concluded with a sobering observation: most major XRP projects hold sensitive credentials-ops accounts, repository access, backend systems. In other words, all the keys to all the doors. And in a world where charm can be weaponized, only the appropriately paranoid are likely to survive.

His advice? Exercise caution. Especially now, as more builders enter the space, armed with enthusiasm, “vibe-coded” projects, and an alarming willingness to trust people who seem nice at conferences.

Because as it turns out, in crypto, the real vulnerability isn’t always in the code. Sometimes, it’s in the handshake.

Read More

• Brent Oil Forecast
• USD ARS PREDICTION
• GBP EUR PREDICTION
• Gold Rate Forecast
• CNY JPY PREDICTION
• Silver Rate Forecast
• USD JPY PREDICTION
• GBP JPY PREDICTION
• CRO PREDICTION. CRO cryptocurrency
• Fed’s Doing “Stealth” Rate Cuts? Bitcoin Bros Go Wild and Larry David Can’t Stand It

2026-04-06 12:50