Share this article
Drift outlines a recovery plan for users after $295 million DPRK-linked exploit
The lending protocol proposed tokenized claims, a revenue-backed pool and a security overhaul as it works with law enforcement to recover the stolen funds.
May 5, 2026, 6:57 p.m. 2 min read
What to know:
- Drift Protocol outlined a recovery plan for users hit by its $295 million April 1 exploit, which it attributed to a North Korea–backed DPRK hacking group identified by Mandiant.
- The plan centers on issuing recovery tokens pegged to verified user losses and funding a pool—starting with about $3.8 million and potentially growing to roughly $151 million from revenue, Tether support and partners—that will accrue until it can fully cover the $295.4 million in losses.
- Drift, which has frozen some funds and launched a 10% bounty on recovered assets, aims to relaunch in the second quarter as a security-focused exchange with tighter controls, as DeFi platforms including Aave pursue similar industry-wide recovery efforts after major hacks linked to North Korea.
Drift Protocol announced Tuesday the implementation of a recovery plan for users affected by a $295 million exploit on April 1, which it attributed to the North Korea state-backed DPRK hacking group identified by forensic firm Mandiant.
The attack led the protocol to suspend trading and borrowing immediately after the exploit. Drift said “the majority of stolen assets remain traceable and contained with limited successful off-ramping by the attacker,” with about 130,259 ETH (roughly $31 million) concentrated across four monitored wallets.
Drift’s statement explains that the recovery framework centers on issuing a token representing verified user losses. “Each recovery token represents $1 of verified loss,” Drift said, adding that holders would be able to redeem based on the value of a recovery pool funded over time.
That pool starts with roughly $3.8 million in remaining protocol assets and is expected to grow through exchange revenue, up to $127.5 million in support from Tether tied to performance, and up to $20 million from partners, Drift said. The pool will accrue until it matches total losses of about $295.4 million, at which point tokens can be redeemed at full value, it added.
Drift also said some funds have already been frozen, including about $3.36 million in USDC, while additional assets remain delayed in cross-chain transfers. Legal efforts to seize and reissue funds are ongoing, it said. The protocol also launched a public bounty offering 10% of recovered assets.
Drift plans to relaunch in the second quarter as a “security-first” exchange with changes including new multisig controls, time-locked operations, key rotation and reduced product scope focused on perpetuals trading.
“The Drift team is taking considered measures to ensure that users are made whole,” the team said, adding that final decisions will be subject to governance votes.
Drift’s recovery plan announcement comes a week after Aave said it was spearheading a coordinated DeFi recovery effort to rescue Kelp DAO, the second largest DeFi exploit this year, which was also carried out by North Korean-backed hackers. The so-called Lazarus group drained nearly $280 million. In this case, Aave has been able to garner span donations, deposits, and credit lines from across the crypto space.
More For You
Michael Saylor proposes using bitcoin sales to support dividends, as Strategy reported a $12.54 billion Q1 loss.
What to know:
- Strategy reported a $12.54 billion Q1 net loss while holding 818,334 bitcoin at an average cost of $75,537; the firm has about 18 months of dividend coverage against $1.5 billion in annual obligations.
- Executive Chairman Michael Saylor suggested selling bitcoin to pay dividends, contributing to a 4% after-hours drop in...
Top Stories
