XRPL Validator Warns Community After $285M Social Engineering Hack on Drift Protocol

Key takeaways:

  • Social engineering attacks now pose a greater systemic risk to DeFi than smart contract exploits.
  • XRP ecosystem projects are likely reviewing internal security and multi-sig procedures post-exploit.
  • The rapid fund bridging to Ethereum underscores the persistent challenge of cross-chain asset recovery.

An XRP Ledger validator known as Vet has issued a stark warning to the XRP community following a sophisticated social engineering attack that drained approximately $285 million from Solana's Drift Protocol, the largest decentralized perpetual futures exchange on its network.

The attack, which occurred on April 1, 2026, saw user assets drained in roughly 12 minutes, marking it as the largest DeFi hack of the year and the second-largest exploit in Solana's history, trailing only the $326 million Wormhole bridge hack in 2022. Most of the stolen funds were quickly bridged to the Ethereum network.

Vet highlighted that the exploit's root cause was not a smart contract bug but a meticulously planned social engineering campaign. Attackers spent nearly six months infiltrating the Drift Protocol community. They attended conferences, befriended key developers through face-to-face meetings, established group chats, and even contributed $1 million to a project vault to build trust and credibility.

This long-term effort allowed them to manipulate multisig signers into pre-signing hidden transaction authorizations. The attack was ultimately enabled by combining these authorizations with a "zero-timelock Security Council migration" that removed the protocol's final defense mechanism. Vet noted that cloned repositories and a known vulnerability in the VSCode/Cursor development tool were also part of the attack vector.

"The level of social engineering that led to a $280M exploit of a DeFi protocol is mind boggling. Important lesson for us building on XRP too," Vet stated in a tweet on April 5, 2026.

The validator urged extreme caution within the XRP ecosystem, emphasizing that many major XRP projects hold broad access to operational accounts, repository merge permissions, and backend systems. He warned that "only the paranoid ones will survive" in an environment with an increasing number of builders and more frequent in-person (IRL) events, which can create opportunities for similar trust-based attacks.
