Drift Protocol on Tuesday published its user recovery plan for the April 1 exploit, laying out a token-based framework backed by exchange revenue, a Tether-led capital commitment, and partner contributions, with the Solana perpetuals exchange targeting a Q2 2026 relaunch.
The blueprint follows the drain of Drift’s vaults that forensic firm Mandiant has now confirmed was the work of a DPRK-affiliated threat actor. Drift puts total user losses at $295.4 million.
Recovery Token Mechanics
Every affected wallet will receive transferable SPL tokens, separate from the DRIFT governance token, with each unit representing $1 of verified loss. The recovery pool will be seeded with the protocol’s roughly $3.8 million in remaining assets, converted to $USDT, and then topped up through three streams: a quarterly cut of exchange revenue, up to $127.5 million from Tether’s earlier commitment, and up to $20 million from strategic partners.
Redemption opens once the pool exceeds $5 million, with the price set by total fund value divided by outstanding supply. Redemptions are burn-on-redeem and one-time only, meaning users who cash out before the pool reaches the full $295.4M forfeit any further claim. Unclaimed tokens at the end of the claim window are burned, lifting the redemption value for remaining holders.
User balances were snapshotted at 18:31:47 UTC on April 1, with oracle prices taken from 16:06:00 UTC, before the attack distorted markets. The roughly $20 million insurance fund, which was untouched, will be subject to a separate DAO vote on whether it pays out to depositors or rolls into the recovery pool.
Funds Status and Bounty
Roughly 130,259 ETH, worth around $293 million, remains concentrated in four attacker-controlled wallets that have been flagged across exchanges. Two Wormhole transfers covering 59.37 WBTC and 557.90 WETH have been delayed by the bridge’s Governor until late July, while 3.36M $USDC has been frozen on Circle’s CCTP, a process the issuer was previously sued over for not acting faster on the day of the exploit. Drift, working with ZeroShadow and Mandiant, has also offered a 10% whitehat bounty in collaboration with Bybit.
Planned Relaunch
When Drift comes back online, it will be a leaner, perps-only venue settled in $USDT rather than $USDC. The protocol is removing the durable-nonce attack surface central to the April 1 breach, deploying a fresh program with rotated keys, and shutting down ancillary products, including Isolated Markets and Amplify. Mainnet deployment will require instruction-level audits, time-locked admin actions, and review under Solana’s STRIDE program.
This article was written with the assistance of AI workflows. All our stories are curated, edited and fact-checked by a human.
Leave a Reply