AEP-Machete

6.4K posts

@SlodyMachete

Bridge Engineer | 2x UF grad | Discord Security Expert

FL · Joined January 2019
1.6K Following · 1.3K Followers
AEP-Machete
AEP-Machete@SlodyMachete·
@GivnerAriel Looks like that case is potentially against Circle rather than drift. Unlikely drift has sufficient funds to fill the hole they created but circle almost certainly would. Is a potential class action the only likely legal recourse for the average user who lost money here?
Ariel Givner
Ariel Givner@GivnerAriel·
The class action ads are already starting.
Ariel Givner
Ariel Givner@GivnerAriel·
The more I sit on this, the more I can’t help but think we’re dealing with a civil negligence issue. Sorry for how long this rant will be in advance, but I’m just so angry. Drift Protocol was handling hundreds of millions in user money. They knew crypto is full of hackers - especially North Korean state teams like the ones behind this $285M drain. Yet their team spent months chatting on Telegram, meeting strangers at conferences, opening sketchy code repos, and downloading fake apps on devices tied to multisig controls. Basic security rules are simple: keep signing keys on completely separate, air-gapped machines. Never mix everyday dev work with access to user funds. Don’t trust people just because you shook hands at an event. Every serious project knows this. Drift didn’t follow it. This was a straightforward human mistake at the most obvious weak point. Attackers got in, pre-signed transactions, and emptied the vault in minutes. Now everything’s frozen, users lost big, and we’re hearing excuses about “sophisticated actors” instead of clear plans to repay people from treasury or insurance. In plain terms, civil negligence means they failed their basic duty to protect the money they were managing. You can’t just shrug, say “state hackers did it,” and leave users holding the bag. People trusted Drift with their funds… not with playing risky games against pro attackers. Fix it. Compensate users properly and transparently or don’t act surprised when the community and lawsuits call this exactly what it looks like: a preventable mess caused by sloppy security.
Drift@DriftProtocol

x.com/i/article/2040…

AEP-Machete reposted
Cloakd ⌛
Cloakd ⌛@CloakdDev·
Who in their right mind is downloading TestFlight candidates on secured devices with multisig access? For a team spending 90k/month on security, they really couldn’t afford a separate device? This raises serious questions around the team's opsec practices.
Drift@DriftProtocol

x.com/i/article/2040…

AEP-Machete reposted
Jacob Creech
Jacob Creech@jacobvcreech·
Don't trust anyone.
Don't install apps.
Have dedicated devices for signing.
The game has changed.
Review your security practices and verify they fulfill your needs.
Drift@DriftProtocol

x.com/i/article/2040…

AEP-Machete reposted
Cloakd ⌛
Cloakd ⌛@CloakdDev·
Anyone saying this is a sophisticated attack has absolutely 0 idea on what they are talking about. If your protocol can be popped via this kind of attack, you have a lot of opsec work to do.
AEP-Machete
AEP-Machete@SlodyMachete·
@Austin_Federa They admitted to using shared devices and installing random TestFlight apps on the same devices used to sign transactions for the main drift protocol. I know you are practical enough to understand how irresponsible this is for a company approaching 1B TVL. Ledger != cold, always.
AEP-Machete
AEP-Machete@SlodyMachete·
@assasin_eth @cindyleowtt @redacted_noah @DriftProtocol No idea. As someone with funds exposed to drift and no current funds in the IF, if there is specific language in the IF terms regarding hacks like this, they should be socialized; otherwise they should remain separate for bad debt etc. Can’t trust the drift team for anything now tho.
AEP-Machete
AEP-Machete@SlodyMachete·
@airtightfish Already did. Not impressed. You were a drift employee; your comments mean nothing, you biased fuck.
Squid
Squid@airtightfish·
@SlodyMachete Agree with trust no one. But this was definitely a highly sophisticated attack, read the full thing if you haven’t already.
AEP-Machete
AEP-Machete@SlodyMachete·
I will never use drift again because of their actions and responses this week
AEP-Machete reposted
Armani Ferrante
Armani Ferrante@armaniferrante·
I'll probably get attacked for saying this, but every team in crypto should use this as an opportunity to slow down and focus on security. If possible, dedicate an entire team to it. I know how hard it is. There's an enormous amount of pressure to grow at all costs. Your runway will pressure you. Your investors will pressure you. Your token holders will pressure you. But you can't grow if you're hacked. Take time to stop what you're doing, stop stressing about growth, and audit your whole stack. Custody. Risk. Dependencies. Access control. Everything. The world will still be here when you get back. Focus on the safety of your users' funds above all else. In the long term, this is the most important requirement to grow.
Drift@DriftProtocol

x.com/i/article/2040…

AEP-Machete
AEP-Machete@SlodyMachete·
@cheezedawgb @DriftProtocol If a wallet or device is used for anything other than its express intention, it is not a cold wallet, and they admitted to doing exactly that. Ledger does not mean cold wallet.
AEP-Machete reposted
vibhu
vibhu@vibhu·
The underlying lessons here:
Keep your wallets away from your work laptop and phone.
Dedicated device for signing, maybe running on a cellular connection.
Trust nobody.
Drift@DriftProtocol

x.com/i/article/2040…

AEP-Machete reposted
dr cavey phd ∿
dr cavey phd ∿@cavemanloverboy·
1) don't answer any x dms
2) don't answer any tg dms
3) don't answer any text messages
4) don't answer any phone calls
5) don't answer your door
5) don't answer if your name is called ever
5) do not contact any human via any medium ever
5) don't enumerate lists past 5
5) lock in anon, leave human contact to your bd not on the msig
AEP-Machete
AEP-Machete@SlodyMachete·
@mrink0 yeah, because downloading a random TestFlight app on a device you use to update your widely used program is sophisticated. It's retardation and incompetence.
rinko
rinko@mrink0·
probably the most sophisticated crypto attack we've ever seen. a nation state that patiently spends six months probing building irl relationships across multiple countries is scary stuff
Drift@DriftProtocol

x.com/i/article/2040…
