When Drift disclosed the details behind its $270 million exploit, the most unsettling part wasn’t the scale of the loss — it was how it happened.

According to the team behind the protocol, the attack wasn’t a smart contract bug or a clever piece of code manipulation. It was a six-month campaign involving fake identities, in-person meetings across multiple countries and carefully cultivated trust. The attackers, allegedly from North Korea, didn’t just find a vulnerability in the system. They became part of it.

This new threat is now forcing a broader reckoning across decentralized finance.

For years, the industry has treated security as a technical problem, something that could be solved with audits, formal verification and better…