Key Points
- Drift Protocol suffered a $295 million breach on April 1 attributed to a North Korean state-sponsored group
- Affected users will obtain “recovery tokens” valued at $1 each, corresponding to confirmed losses
- A compensation fund begins at $3.8M, potentially growing to $147.5M with pledges from Tether and collaborators
- The platform intends to resume operations in Q2 2026 with a streamlined, security-enhanced perpetuals exchange
- Complete user reimbursement may require up to eight years based on existing revenue projections
Drift Protocol, a derivatives trading platform operating on Solana, has unveiled its compensation framework following a $295 million security breach that occurred on April 1, 2026. Cybersecurity investigation firm Mandiant attributed the attack to DPRK, a North Korean state-sponsored hacking collective.
The breach occurred when attackers deceived Drift administrators into authorizing fraudulent transactions, prompting the protocol to halt trading and borrowing activities immediately. This incident ranks among the most significant DeFi security breaches recorded this year.
According to Drift, the majority of compromised assets remain trackable. Approximately 130,259 ETH, currently valued at roughly $31 million, sits across four wallets under surveillance with minimal off-chain transfers detected.
The protocol has successfully frozen about $3.36 million in USDC. Legal proceedings to recover and return additional stolen assets continue to advance.
Drift established a public bounty program offering 10% of any successfully recovered assets to encourage external assistance in locating the stolen funds.
Recovery Token Mechanics Explained
Users impacted by the security incident will receive recovery tokens. Each token signifies $1 of authenticated loss and becomes redeemable from an expanding compensation fund.
The fund initiates with approximately $3.8 million in remaining protocol resources. Tether has committed up to $127.5 million linked to specific performance benchmarks, while additional partners have promised up to $20 million in supplementary funding.
When the fund accumulates $295.4 million, tokens become redeemable at their complete value. Users preferring immediate redemption can exchange tokens at reduced rates once the fund surpasses $5 million.
Drift generated $19 million in revenue throughout 2025. Should Tether and partners fulfill their commitments, the reimbursement timeline accelerates significantly. In the absence of these pledges, complete repayment could extend nearly eight years.
Recovery tokens will carry transferability features, enabling users to sell their claims to third parties instead of waiting for the fund to reach full capacity.
All critical components of this compensation framework require approval from Drift token holders via a governance voting process.
Platform Relaunch Strategy
Drift intends to restart operations before July 2026 as a more focused, security-prioritized trading venue. The redesigned platform will concentrate exclusively on perpetual futures trading while operating on streamlined code infrastructure.
The protocol will support a reduced selection of collateral types and restrict trading to the most liquid digital assets. This approach minimizes potential vulnerabilities for future security threats.
Enhanced security protocols will incorporate multisig authorization controls, time-locked operational procedures, key rotation systems, and mandatory quarterly security education for administrative personnel.
Drift will suspend development activities on its mobile application and a new liquidity framework that was announced three months prior to the breach.
The Drift token maintained trading levels just below $0.04 both before and following Tuesday’s announcement, demonstrating minimal market response to the disclosed recovery plan.
Drift’s announcement emerges alongside comparable initiatives from Aave, which currently coordinates a recovery campaign for Kelp DAO following a distinct $280 million breach also linked to North Korean actors.
