Six Months of 'Friendly' Conversations: XRP Validator Warns Builders After $280M Social Engineering Heist

XRP Ledger validator Vet is telling the XRP crew to keep their eyes peeled after a slick social engineering scam cleaned out Solana's Drift protocol to the tune of $280 million. On April 2, the crypto world woke up to the news of the largest DeFi hack of 2026—and the second biggest exploit in Solana's history, right behind the infamous $326 million Wormhole bridge hack in 2022. The attackers siphoned roughly $285 million in user assets from the biggest decentralized perpetual futures exchange on Solana, Drift Protocol, on April 1. The whole thing went down in about 12 minutes. Most of the stolen funds got bridged over to Ethereum shortly after. The wild part? This wasn't some fancy smart contract bug. It was a combo of social engineering multisig signers into presigning hidden authorizations and a zero-timelock Security Council migration that wiped out the protocol's final line of defense. On April 5, Drift Protocol dropped a background update on the incident with more details. XRP Ledger validator Vet jumped on the post and fired off a warning to the XRP community. "The levelof social engineering that led to a $280M exploit of a DeFi protocol is mind boggling. Important lesson for us building on $XRP too," Vet wrote. The validator pointed out one of the most unsettling parts of the whole mess: it was planned out for about six months. The bad actors spent that time building trust with key protocol developers—hitting them up at conferences, befriending them, meeting face-to-face, showing off what they were building at various events, setting up group chats, and even tossing $1 million into a vault. But then came "one testflight app, a cloned repository and a known vscode/cursor vulnerability later," and they had everything they needed to pull off the attack. Vet noted that all major XRP projects out there have the credentials to their ops accounts, repository merge access, and backend systems sitting around. His takeaway? Only the paranoid ones will survive. He's urging caution among XRPL users as more builders get enabled by vibe-coded projects and XRP IRL events keep popping up.