The more I sit on this, the more I can’t help but think we’re dealing with a civil negligence issue.
Sorry in advance for how long this rant will be, but I’m just so angry.
Drift Protocol was handling hundreds of millions in user money. They knew crypto is full of hackers - especially North Korean state teams like the ones behind this $285M drain. Yet their team spent months chatting on Telegram, meeting strangers at conferences, opening sketchy code repos, and downloading fake apps on devices tied to multisig controls.
Basic security rules are simple: keep signing keys on completely separate, air-gapped machines. Never mix everyday dev work with access to user funds. Don’t trust people just because you shook hands at an event. Every serious project knows this. Drift didn’t follow it.
This was a straightforward human mistake at the most obvious weak point. Attackers got in, pre-signed transactions, and emptied the vault in minutes. Now everything’s frozen, users lost big, and we’re hearing excuses about “sophisticated actors” instead of clear plans to repay people from treasury or insurance.
In plain terms, civil negligence means they failed their basic duty to protect the money they were managing. You can’t just shrug, say “state hackers did it,” and leave users holding the bag. People trusted Drift with their funds… not with playing risky games against pro attackers.
Fix it. Compensate users properly and transparently or don’t act surprised when the community and lawsuits call this exactly what it looks like: a preventable mess caused by sloppy security.