Drift Protocol secures Tether-led recovery package after $280m exploit
Drift Protocol has agreed a recovery package of up to $127.5 million with Tether, plus roughly $20 million from other partners, as the Solana-based trading platform works to compensate users and prepare for relaunch following one of the largest exploits in Solana's DeFi ecosystem this year.
The package, detailed in a recovery update published April 16, is structured around a $100 million revenue-linked credit facility, ecosystem grants and loans to market makers. Proceeds flow into a dedicated recovery pool designed to address approximately $295 million in outstanding user losses as exchange revenue accrues and any recovered assets are repatriated.
Recovery token mechanism
To distribute claims against the pool, Drift plans to issue a separate recovery token to affected users. The token is distinct from the existing DRIFT governance asset, will represent a proportional claim on the pool, and is intended to be transferable. That transferability is deliberate: it allows users to access liquidity before full repayment is completed, rather than waiting indefinitely for the pool to be made whole.
Structural shift away from Circle's USDC
The relaunch will move Drift's settlement layer from USDC to USDT, with Tether providing a market-making support facility to underpin liquidity at launch. The switch comes after blockchain investigator ZachXBT publicly criticised Circle for not freezing USDC linked to the exploit quickly enough. Circle's CEO Jeremy Allaire subsequently defended the decision, citing a "moral quandary" and the complexity of intervening in such cases. Drift's formal alignment with Tether and USDT amounts to a commercial verdict on that dispute.
Anatomy of the exploit
Drift initially disclosed losses of at least $200 million before revising the figure to approximately $280 million. A subsequent breakdown showed nearly $296 million in assets were withdrawn across multiple token types, with the largest portion tied to its JLP liquidity pool. The protocol has attributed the breach to a sophisticated administrative takeover executed through a months-long social engineering operation that it links to suspected North Korean actors. Drift said it is cooperating with law enforcement and blockchain forensics firms; any recovered funds will be directed into the recovery pool.
The protocol's insurance fund, which covers trading-related losses and was not affected by the exploit, will remain intact.
Relaunch conditions
Before relaunching, Drift has committed to two independent security audits and a full rebuild of its security model. Changes include a new multisig structure, tighter key-management controls and enforced delays on critical administrative actions.
