Drift Protocol Lost $285M to Six Months of Social Engineering, Not a Code Bug

·1 views

On April 1, 2026, attackers linked to North Korea's Lazarus Group drained approximately $285 million from Solana-based DeFi platform Drift Protocol, making it the second-largest exploit in Solana's history. The attack involved no vulnerability in the smart contract code; instead, operatives spent six months building trust with team members who held admin keys before ultimately gaining access. A similar human-targeted attack hit KelpDAO two weeks later, resulting in a $292 million loss via a compromised LayerZero bridge developer. North Korea-linked actors were attributed to 76% of all crypto hack losses in early 2026, with private-key compromise now surpassing code exploits as the leading cause of theft. Security analysts stress that multisig controls, hardware key storage, time delays, and strict operational hygiene are now as critical as smart contract audits.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

European ISPs Push for Rightsholder Liability When Piracy Blocks Hit Innocent Sites

European internet service providers are calling for copyright holders to be held financially responsible when overly broad blocking orders cause collateral damage to legitimate websites. ISPs argue that rightsholders who request site-blocking measures should bear accountability if those actions inadvertently restrict access to lawful content. The push reflects growing frustration among ISPs who are often caught between enforcing copyright demands and avoiding harm to uninvolved parties. This debate is unfolding within broader European discussions around online copyright enforcement frameworks and the responsibilities of each stakeholder involved.

0 comments Read more at Hacker News

ProgrammingDEV Community ·

Developer proposes co-location pattern to fix recurring Sanity page builder bugs

A recurring bug in Sanity-based page builders causes sections to render blank or disappear silently when developers miss one of five required touch points during setup. The problem stems from section type definitions, GROQ projections, React components, renderer maps, and TypeScript types living in separate files that can fall out of sync. Developer Maciej Trzcinski argues that co-locating a section's type, query, and renderer into a single object declaration eliminates the most common failure modes. He has published two open-source packages implementing this pattern for Sanity Studio and Next.js frontends. The core idea, however, is framework-agnostic: treating the boilerplate dispatch logic as a managed dependency rather than hand-rolled code on every project.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer Shares Guide to Installing NixOS on Jetorbit VPS via nixos-anywhere

A developer documented the process of installing NixOS on a Jetorbit VPS using the nixos-anywhere tool, with all configurations managed from a macOS laptop running nix-darwin. The setup relies on SSH key-based root access and a one-time nixos-anywhere deployment, with subsequent updates handled via nixos-rebuild. Three critical pre-installation checks are highlighted: confirming the VPS uses legacy BIOS rather than UEFI, noting that Jetorbit assigns static IPs instead of DHCP, and ensuring the root SSH public key is registered on the server. The nixos-anywhere tool works by sending a small installer image to the running server and using kexec to boot into it without a full reinstall, then partitioning the disk via disko and building the NixOS system closure remotely. This approach eliminates configuration drift and keeps the server state fully reproducible from a git repository.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Why Complex Systems Fail Silently: Lessons from Bridges and AI-Assisted Code

A tech essay in the 'Craft & Code' series draws parallels between historic engineering failures and the hidden risks in modern software development. The author highlights two landmark cases: the Tacoma Narrows Bridge, which collapsed in 1940 due to unforeseen aerodynamic flaws, and the 1977 Citicorp Center in New York, which was quietly reinforced after its own engineer discovered a critical structural vulnerability post-construction. Unlike a crooked shelf, which reveals its flaw immediately, complex engineering can appear flawless while harboring serious defects beneath the surface. The piece argues that software, as one of the most complex forms of engineering, belongs in the same risk category as bridges and skyscrapers rather than simple craftsmanship. The author warns that as AI tools democratize software creation, the ability to detect invisible, potentially fatal flaws may erode before anyone notices it is gone.

0 comments Read more at DEV Community