Solana-based Drift Protocol has outlined a plan to repay users following a $295 million exploit linked to North Korean hackers. The lending platform proposes tokenized claims and a revenue-backed recovery pool to cover losses. Drift is working with law enforcement to trace and recover the stolen funds.
Drift Protocol announced on May 5 a recovery framework for users affected by the April 1 exploit, which the platform attributes to a North Korea-backed hacking group identified by forensic firm Mandiant. The attack prompted Drift to suspend trading and borrowing immediately.
The majority of stolen assets remain traceable, with about 130,259 ETH—roughly $31 million—concentrated in four monitored wallets, according to Drift. Some funds, including $3.36 million in USDC, have already been frozen, and legal efforts to seize assets are ongoing. The protocol has also launched a 10% bounty on recovered assets.
Drift's plan centers on issuing recovery tokens, each pegged to $1 of verified user loss. Holders can redeem these tokens once a recovery pool reaches the total $295.4 million in losses. The pool starts with $3.8 million in remaining protocol assets and is expected to grow through exchange revenue, up to $127.5 million from Tether tied to performance, and up to $20 million from partners—potentially reaching $151 million. The Drift team stated, “Each recovery token represents $1 of verified loss,” adding that final decisions will be subject to governance votes.
The protocol plans to relaunch in the second quarter as a security-first exchange, featuring multisig controls, time-locked operations, key rotation, and a focus on perpetuals trading. This effort follows similar industry responses, such as Aave's coordinated recovery for the $280 million Kelp DAO exploit, also linked to North Korean hackers.