TLDR
- Drift reported about $295.4M in user losses from the April 1 exploit.
- Mandiant linked the Drift exploit to a DPRK-affiliated threat actor.
- Each recovery token will represent $1 of verified user loss.
- Tether has committed up to $127.5M to Drift’s recovery pool.
- Drift plans a Q2 2026 relaunch as a USDT-settled perps-only exchange.
Drift Protocol has released a recovery plan for users affected by a $295 million exploit that struck the Solana-based perpetuals exchange on April 1. The proposal introduces recovery tokens, gradual redemptions and new funding sources as the platform prepares for a planned relaunch in the second quarter of 2026.
The exchange said the attack caused verified user losses of about $295.4 million. Forensic firm Mandiant has linked the exploit to a threat actor associated with the Democratic People’s Republic of Korea. Drift said law enforcement, security firms and blockchain tracking teams remain involved in efforts to monitor and recover the stolen assets.
Under the recovery plan, affected users will receive transferable SPL tokens representing their verified losses. Each recovery token will equal $1 of approved claim value. These tokens will be separate from the DRIFT governance token and will serve only as claims on a recovery pool.
Recovery Tokens Set Claims for Affected Users
Drift said the recovery pool will start with about $3.8 million in remaining protocol assets, which will be converted into USDT. Additional funding is expected to come from exchange revenue, a commitment of up to $127.5 million from Tether and up to $20 million from strategic partners.
Redemptions will begin once the recovery pool exceeds $5 million. The redemption price will be calculated by dividing the total value of the fund by the number of outstanding recovery tokens. Users who redeem early will receive the available value at that time and will give up any later claim tied to the same tokens.
The tokens will be burned after redemption, creating a one-time claim process. Drift said unclaimed tokens will also be burned after the claim period ends. That structure would raise the redemption value for users who still hold valid recovery tokens, depending on the remaining pool size.
The exchange used wallet balances recorded at 18:31:47 UTC on April 1 to determine affected accounts. Oracle prices from 16:06:00 UTC were used to calculate claims before the exploit altered market conditions. Drift said this method was chosen to create a fixed reference point for user balances and asset values.
Stolen Assets Remain Under Tracking
According to Drift, about 130,259 ETH, valued at around $293 million, remains concentrated in four wallets controlled by the attacker. Those wallets have been flagged across exchanges and monitoring systems as recovery teams continue tracing the funds.
Two Wormhole transfers involving 59.37 WBTC and 557.90 WETH have been delayed by the bridge’s Governor mechanism until late July. Drift also said 3.36 million USDC has been frozen through Circle’s Cross-Chain Transfer Protocol.
The protocol is working with ZeroShadow and Mandiant on recovery efforts. It has also offered a 10% whitehat bounty in cooperation with Bybit for the return of stolen funds. No confirmed recovery date has been announced.
The platform’s insurance fund, worth about $20 million, was not drained during the exploit. Drift said the use of that fund will be decided through a separate DAO vote. Token holders may decide whether the fund should be paid directly to affected depositors or added to the wider recovery pool.
Drift Prepares Security Changes Before Relaunch
Drift plans to return as a leaner perpetuals-only exchange settled in USDT rather than USDC. The protocol said several products will be removed, including Isolated Markets and Amplify, as part of the new operating model.
The planned relaunch will include a fresh program deployment with rotated keys. Drift said it will remove the durable-nonce attack surface that was central to the April breach. The platform also plans instruction-level audits, time-locked administrative actions and review under Solana’s STRIDE program before full mainnet deployment.
The recovery model depends on future exchange revenue, external capital and possible asset recovery. Drift said repayments are designed not to draw from trading liquidity after the platform restarts. Full repayment will depend on the growth of the recovery pool and the outcome of enforcement efforts.
