Solana-based decentralized exchange (DEX) Drift Protocol has shared the highly anticipated user recovery plan alongside Tether and other collaborators. This move follows the major exploit that drained $285 million from the project’s vaults two weeks ago. Related Reading: Bitcoin Double Bottom Formation Eyes $82,500 Rally – Breakout Or Rejection Next? Drift Protocol Secures $150M Recovery Fund On Thursday, Drift Protocol, the largest decentralized perpetual futures exchange on the Solana blockchain, announced a collaboration with Tether and other partners to establish a “structured recovery plan backed by up to nearly $150 million in combined support” and relaunch with USDT “at the center.” According to the announcement, the funds include a $100 million revenue-linked credit line, an ecosystem grant, and loans to market makers, all intended to finance a dedicated user recovery pool. As NewsBTC reported, the Solana-based DEX suffered an exploit that stole hundreds of millions of dollars from its vaults on April 1. The attack took around $285 million in multiple crypto assets and became the largest exploit of 2026 to date. During the initial phase of the collaboration, a significant portion of exchange revenue, together with committed support capital, will be intended to fund this recovery pool, Drift explained, noting that any stolen funds recovered would be contributed to the pool. In addition, Drift revealed that it will issue a new token for the affected users to “streamline distribution of recovery assets as well as provide liquidity opportunities for impacted users.” The token will be a dedicated recovery token, separate from the DRIFT governance token, that is intended to represent a claim on the recovery pool and will be transferable. Solana DEX Eyes Hardened Security Framework The Solana-based project shared that it will harden its security, passing each component through independent audits by OtterSec and Asymmetric Research before relaunching the protocol. It will also introduce a new community-governed multisig to manage core protocol assets, requiring all multisig signers to operate on dedicated signing devices with transaction content independently verified outside the primary signing interface before any signature is executed. This aims to prevent similar attacks on the project. It’s worth noting that the malicious actors gained unauthorized access to Drift Protocol by manipulating its multisig approvals using Solana durable nonces. “The attack involved unauthorized or misrepresented transaction approvals obtained prior to execution, likely facilitated through durable nonce mechanisms and sophisticated social engineering,” the project explained on its first report. Since then, Blockchain analytics firm Elliptic has identified multiple indicators suggesting that the exploit is linked to the Democratic People’s Republic of Korea (DPRK), while Drift has affirmed that the exploit was a six-month operation to infiltrate the protocol’s inner circle and compromise their devices. USDT Settlements ‘At The Center’ Of Drift The project also detailed that it will relaunch with Tether’s USDT for settlements. Tether reportedly proposed to extend a USDT support facility to designated market makers “to reinforce deep, liquid markets from day one.” “Drift’s decision to integrate USD₮ into the relaunch and recovery of a major trading venue on Solana reinforces Tether’s role as a reliable settlement asset within the Solana ecosystem,” Tether stated. The shift from USDC to USDT settlement represents a significant change, following Circle’s decision not to freeze the stolen USDC during the initial attack. Notably, the exploiter swapped $270.9 million of the stolen assets into USDC within hours, bridged them from Solana to Ethereum via the CCTP TokenMessengerMinterV2, and purchased 129,000 ETH, splitting them across multiple wallets. Related Reading: Bitmine’s Ethereum Holdings Hits 4% Supply Milestone After 71,524 ETH Buy At the time, multiple investors and on-chain investigators urged Circle to freeze the funds, with crypto sleuth ZachXBT slamming the stablecoin issuer for its repeated “inaction” over the past few years. Circle has since addressed the backlash, affirming that it does not act “unilaterally or arbitrarily” and freeze funds when “the law requires us to act.” Drift concluded that “this is the first step toward making users whole over time and toward building back stronger than where we were before.” Featured Image from Unsplash.com, Chart from TradingView.com
Circle (CRCL), the issuer behind the USDC stablecoin, is facing a fresh lawsuit in Massachusetts tied to the $280 million Drift Protocol hack that occurred on April 1. The complaint, filed by plaintiffs represented by the law firm Gibbs Mura, alleges that Circle did not take action to freeze stolen funds even though it had both the technical ability and contractual authority to do so. Drift Hack Fallout According to the lawsuit, attackers drained an estimated $280–$285 million from the Solana-based exchange in less than 12 minutes. The stolen assets were then moved from Solana to Ethereum over the course of roughly eight hours using Circle’s Cross-Chain Transfer Protocol (CCTP). Related Reading: Could Bitcoin Hit $90,000 And Trigger A New Altcoin Rally? Expert Cites 6 Major Catalysts The transfer allegedly took place during US business hours, a detail plaintiffs highlight to emphasize that the alleged movement and conversion of funds occurred while the matter was ongoing, without intervention from Circle to freeze the assets. The filing further claims that user funds were pulled from multiple parts of Drift’s platform, including trading, lending, and vault deposits. As the breach unfolded, Drift’s total value locked reportedly fell sharply from about $550 million to under $250 million. In response to the incident, deposits and withdrawals were suspended indefinitely. The impact, plaintiffs say, extended beyond Drift itself: at least 20 other DeFi protocols reported indirect losses related to exposure to Drift. Circle Accused Of Not Freezing Assets The plaintiffs also point to a separate earlier civil matter involving Circle. Nine days before the Drift-related lawsuit, Circle reportedly froze 16 unrelated business wallets. That, according to the plaintiffs, demonstrates that Circle has the capability—and, in that instance, the willingness—to freeze funds when it deems it appropriate. However, the lawsuit alleges that Circle failed to freeze the stolen USDC and other assets that were allegedly converted into USDC after the hack. Related Reading: Bitcoin Policy Institute Maps Out Strategy For US Stablecoin Supremacy Across 5 Policy Areas Circle is accused of using its Cross-Chain Transfer Protocol in a way that plaintiffs say allowed attackers to offload up to $230 million onto the Ethereum blockchain. In the lawsuit’s framing, this is central to why the plaintiffs believe Circle should have acted to prevent the transfers of stolen stablecoins and connected assets during the time the funds were being moved. Featured image from OpenArt, chart from TradingView.com
Drift Protocol said it has secured up to $127.5 million from Tether to support user recovery after the April 1 exploit.
With "medium-high" confidence, Drift and the SEAL 911 team assess the operation was run by the same North Korean actors behind the Radiant Capital hack.