Drift Protocol Outlines $295.4 Million Recovery Plan After DPRK-Linked April Exploit
Talik Evans
- 2 min read
Image Credit: Drift
Key Takeaways
- Drift Protocol published a recovery plan for users after a $295.4M April 1 exploit attributed to the North Korea-linked Lazarus Group.
- The framework issues tokens pegged to verified user losses, redeemable from a pool funded by exchange revenue, up to $127.5M from Tether, and up to $20M from partners.
- Drift plans a Q2 “security-first” relaunch with new multisig controls, time-locks, and a narrowed focus on perpetuals trading.
Drift Protocol on Tuesday published a recovery framework for users affected by a $295 million exploit on April 1, which the protocol has attributed to the Lazarus Group, a North Korea-linked hacking collective, detailing a token-based repayment plan funded through exchange revenue, Tether support, and partner contributions.
Drift Says Most Stolen Funds Remain Traceable Across Four Wallets
Trading and borrowing were suspended immediately following the exploit. According to Drift, the majority of stolen assets remain traceable, with approximately 130,259 ETH, valued at roughly $31 million at the time of the exploit by the protocol’s own accounting, concentrated across four monitored wallets. Drift said successful off-ramping by the attacker has so far been limited, though that assessment comes from the protocol itself.
The recovery framework centers on issuing tokens pegged to confirmed user losses. “Each recovery token represents $1 of verified loss,” Drift said, with holders able to redeem based on the value of a dedicated recovery pool funded incrementally over time. That pool begins with approximately $3.8 million in remaining protocol assets and is projected to grow through three channels: exchange revenue, up to $127.5 million in conditional support from Tether disbursed based on performance criteria, and up to $20 million from partners.
Drift did not specify the exact performance thresholds triggering Tether disbursements. The pool will grow until it reaches the full $295.4 million loss figure, at which point all recovery tokens become redeemable at face value.
Frozen Funds, Active Bounty, and Ongoing Legal Action
Drift said approximately $3.36 million in USDC has already been frozen, while additional assets remain delayed in cross-chain transfers. Legal efforts to seize and recover stolen funds are ongoing. The protocol also announced a public bounty program offering 10% of any recovered assets. Final decisions on the plan are subject to governance votes, the team said, adding:
“We are taking considered measures to ensure that users are made whole.”
Drift Plans Security-First Relaunch in Q2 With New Multisig and Product Changes
Drift said it intends to relaunch in the second quarter as a “security-first” exchange. Planned changes include new multisig controls, time-locked operations, key rotation, and a narrowed product scope focused on perpetuals trading. The exploit is among a series of DeFi attacks attributed to North Korea-linked actors recently.
Categories:
Talik Evans
Journalist and Financial Analyst
Talik Evans is a financial writer and crypto researcher with a growing focus on digital assets, Bitcoin markets, and blockchain innovation. Since 2021, she has been exploring the world of cryptocurrency, writing about everything from exchange comparisons to regulatory updates and security practices.