DeFi Security Review After $270M Drift Social Engineering Breach
DeFi security is back in focus after the Drift protocol reportedly lost about $270 million in a months-long social engineering operation, not a traditional smart-contract exploit. Investigators described an intelligence-style campaign: attackers allegedly spent nearly six months building trust through in-person meetings worldwide, using fake identities to infiltrate project insiders and gain access to key processes.
Experts say the case should be treated as targeted “intelligence operations” against humans, not just “hacking.” Quoted security leaders argue that even audited code can fail if signatories, contributors, or operational approvals are compromised—making governance and operational security central to the risk picture.
In response, teams highlighted controls beyond code review. Jupiter (SOL) reportedly continues code audits, while expanding multi-signature (multi-sig) and timelock protections, plus internal training and monitoring. dYdX and Jito also stress that permission management and device security for key actors remain critical.
For traders, the key takeaway is that DeFi security failures driven by social trust can quickly change risk sentiment. Protocols with concentrated permissions or weaker governance processes may see faster repricing, while the longer-term implication is improved incident response and threat modeling as industry “table stakes.”
Neutral
短期内偏“bearish”情绪,但总体定性为neutral:Drift 事件凸显DeFi security可能因社交信任与权限/签署链条被渗透而失效,通常会让市场对类似高权限治理与多签运维薄弱的协议提高折价,从而压制风险偏好。
不过,该报道也强调行业正在把防线从代码审计扩展到多签/时间锁、内部培训与监控、权限与设备安全等“运营安全与治理威胁建模”。如果后续处置与风控改进落地,可能降低同类事件的长期尾部风险,并形成一定的市场复苏预期,因此整体价格影响更接近中性而非单边看空。