Share this article
Drift outlines a recovery plan for users after $295 million DPRK-linked exploit
The lending protocol proposed tokenized claims, a revenue-backed pool and a security overhaul as it works with law enforcement to recover the stolen funds.
May 5, 2026, 6:57 p.m. 2 min read
What to know:
- Drift Protocol outlined a recovery plan for users hit by its $295 million April 1 exploit, which it attributed to a North Korea–backed DPRK hacking group identified by Mandiant.
- The plan centers on issuing recovery tokens pegged to verified user losses and funding a pool—starting with about $3.8 million and potentially growing to roughly $151 million from revenue, Tether support and partners—that will accrue until it can fully cover the $295.4 million in losses.
- Drift, which has frozen some funds and launched a 10% bounty on recovered assets, aims to relaunch in the second quarter as a security-focused exchange with tighter controls, as DeFi platforms including Aave pursue similar industry-wide recovery efforts after major hacks linked to North Korea.
Drift’s statement explains that the recovery framework centers on issuing a token representing verified user losses. “Each recovery token represents $1 of verified loss,” Drift said, adding that holders would be able to redeem based on the value of a recovery pool funded over time.
That pool starts with roughly $3.8 million in remaining protocol assets and is expected to grow through exchange revenue, up to $127.5 million in support from Tether tied to performance, and up to $20 million from partners, Drift said. The pool will accrue until it matches total losses of about $295.4 million, at which point tokens can be redeemed at full value, it added.
