News linked to both this project and an event.
According to Drift’s official announcement, the Drift Protocol released its latest recovery update on June 3, 2026. An independent forensic investigation conducted by cybersecurity firm Mandiant has confirmed that the prior attack against Drift was carried out by the North Korean threat group UNC6862, whose tactics closely align with those historically employed by North Korean state-sponsored hacking operations. On the rebuilding front, Drift announced the appointment of Noah Prince—former Engineering Lead of the Helium Protocol—as Protocol Lead, who will spearhead codebase hardening and platform security architecture redesign. Additionally, former members of the Gauntlet team have been brought on board to conduct margin engine reviews, optimize funding rates and market parameters, enhance liquidation mechanisms, and implement continuous risk monitoring. Drift plans to relaunch with “security-first” as its core principle, repositioning itself as Solana’s largest USDT-perpetuals exchange. With support from strategic partners including Tether, Drift will establish a dedicated recovery pool funded by platform revenues to compensate users for losses. Further details regarding the recovery mechanism and timeline will be disclosed progressively.
data from blockchain security firm CertiK shows total losses in the crypto sector from hacks, vulnerabilities, and scams in May 2026 were approximately $68.3 million. This represents a nearly 90% decline from the over $650 million in losses recorded in April, making it the third month this year where losses fell below $100 million. Phishing attacks accounted for about $2.6 million of the losses.In April, industry losses surged due to two major attacks on Drift Protocol and KelpDAO, which together accounted for approximately 95% of the month's losses, making April one of the most devastating months for losses in recent years.The institution reminds that while large-scale protocol-level attacks have decreased, risks such as phishing, deepfakes, and credential leaks are on the rise, with the focus of attacks increasingly shifting towards personnel and identity systems. The decline in losses this time is merely due to the absence of major security incidents; the overall security risks in the industry have not been fundamentally eliminated. Cross-chain bridge vulnerabilities and insider threats remain primary risks. (Financefeeds)
Drift Protocol stated on X platform that after the protocol resumes operation, users who have staked in the Insurance Fund will be able to withdraw their corresponding shares normally. The Insurance Fund is designed to maintain the protocol's solvency during liquidation or bankruptcy scenarios. Since the protocol was paused before losses were realized through normal liquidation or bankruptcy processes, the Insurance Fund was not affected by the relevant vulnerability or attack.Drift Protocol added that the protocol's own Insurance Fund assets will be used to support system restart and user recovery, and it plans to disclose the relevant on-chain addresses to allow the community to track fund usage and subsequent deployment.
Drift Protocol released an explanation of its redemption mechanism, stating that users may redeem at any time after the redemption window opens. However, early redemptions will be fulfilled at the current pool’s proportional share, resulting in a recovery value lower than the full claim amount. Conversely, holders who delay redemption may receive a higher recovery price as the pool’s size grows. The protocol emphasizes that this mechanism aims to balance liquidity with the distribution of returns to long-term holders.
According to the official disclosure by Drift Protocol, all affected wallets impacted by the April 1 attack will receive Recovery Tokens—representing their verified losses and proportional claims against the Recovery Pool—where each Recovery Token corresponds to $1 of verified loss. The Recovery Pool’s initial funding is approximately $3.8 million, sourced from converting the protocol’s remaining assets into USDT. It will be further replenished through a portion of quarterly net exchange revenue, partner contributions, and up to $127.5 million in matching deployment from Tether. Once the Recovery Pool exceeds $5 million, users may begin redeeming Recovery Tokens; the redemption price will be calculated as the Recovery Fund’s value divided by the outstanding supply of Recovery Tokens. Drift stated that the Insurance Fund was unaffected by the attack; any release of related funds requires governance proposals and DAO voting. The exchange plans to relaunch in Q2 2026, focusing primarily on perpetual contracts and a select set of markets. Additionally, it will replace its programs and addresses, rotate keys, reconstruct its community multisig, remove durable nonces and the Earn product, and implement operational security upgrades.
According to Odaily, Drift Protocol has released a user recovery plan for the approximately $295 million security vulnerability incident on April 1, which was attributed to a North Korean-backed hacker group. Under the plan, Drift will issue receipt tokens representing users' verified losses, with each token corresponding to $1 in losses, allowing holders to gradually redeem based on the recovery pool's funding size.Currently, the recovery pool has initial funding of approximately $3.8 million. Subsequent funding sources include up to $127.5 million from exchange revenue, Tether-backed funds, and up to $20 million from partner contributions, aiming to cover total losses of approximately $295.4 million. Drift has frozen approximately $3.36 million in USDC and has established a public bounty program offering 10% of recovered assets. It is expected to relaunch the exchange in a "security-first" model during the second quarter. (CoinDesk)
North Korea has denied allegations of its involvement in cryptocurrency theft, calling the claims "absurd slander" and a "political tool." The statement, issued by state-run media, emphasized that necessary measures will be taken to safeguard national interests. However, data from blockchain analytics firm TRM Labs shows that in the first four months of 2026, hacker groups linked to North Korea have stolen approximately $577 million, accounting for about 76% of global crypto theft losses during the same period. This includes two major attacks on KelpDAO (approximately $292 million) and Drift Protocol (approximately $285 million).TRM pointed out that the attacks are primarily associated with the Lazarus Group and its sub-organizations. Since 2017, the cumulative scale of crypto theft linked to North Korea has exceeded $6 billion.U.S. and international agencies widely believe that such funds are used to support military and missile programs. Meanwhile, the U.S. Treasury Department has recently imposed sanctions on relevant individuals and entities, targeting approximately $800 million in illicit fund flows in 2024. (The Block)
According to The Block, blockchain intelligence firm TRM Labs released a report stating that North Korean hacker groups stole approximately $577 million in crypto assets during the first four months of 2026—accounting for 76% of global hacking losses over the same period. All these losses stemmed from two major incidents that occurred in April: KelpDAO was attacked by the TraderTraitor group, resulting in $292 million in losses; and Drift Protocol was compromised by another North Korean sub-group, suffering $285 million in losses. Preparations for the latter attack began as early as March 11, and funds were fully extracted within 12 minutes. The two incidents employed distinct money-laundering pathways: stolen funds from Drift remain largely dormant on Ethereum, whereas funds stolen from KelpDAO were rapidly swapped into BTC via THORChain, with subsequent laundering facilitated by Chinese intermediaries. TRM Labs noted that since 2017, North Korea’s cumulative crypto theft has exceeded $6 billion—and its share of global losses has risen steadily, from less than 10% in 2020 to 64% in 2025.
According to an official announcement, Upbit and Bithumb have stated that member companies of the Korea Digital Asset Exchange Association (DAXA) plan to terminate trading support for DRIFT. The reason for terminating DRIFT trading is that the foundation’s explanatory materials alone are insufficient to alleviate concerns that led to the project’s inclusion on the “Trading Caution List.” Furthermore, after a comprehensive review of all aspects related to the project’s progress, it was determined that the project fails to meet the criteria required to maintain trading support. DRIFT trading (buy/sell) will end on June 1, 2026, at 16:00 KST. Support for DRIFT withdrawals will be terminated on July 1, 2026, at 16:00 KST.
According to Cointelegraph, stablecoin issuer Circle faces a class-action lawsuit in the U.S. District Court for the District of Massachusetts for failing to freeze stolen funds during the Drift Protocol hack on April 1. Plaintiffs allege that attackers transferred approximately $230 million worth of USDC from Solana to Ethereum via Circle’s cross-chain transfer protocol (CCTP) within hours—and that Circle failed to intervene. The lawsuit accuses Circle of aiding and abetting conversion and of negligence. Cryptocurrency analytics firm Elliptic previously suspected the attack may be linked to North Korea–backed hackers; the stolen funds were subsequently converted into ETH and laundered through Tornado Cash.
According to CoinDesk, Drift Protocol—the largest decentralized perpetual futures exchange on Solana—announced it has secured up to $147.5 million in funding from Tether and its partners (including $127.5 million from Tether and $20 million from other partners) following a hack that stole over $270 million. The funds will be used to restore user assets and relaunch the protocol. The attack was carried out on April 1 by a North Korea–linked group that had posed as a quantitative trading firm and infiltrated the protocol for approximately six months, causing the DRIFT token’s value to plummet roughly 70%. The funding structure combines revenue-linked credit, ecosystem subsidies, and market-maker loans, aiming to cover approximately $295 million in user losses. Upon relaunch, the protocol will replace USDC with USDT as its core settlement layer; Tether will simultaneously provide fee waivers, user incentives, and liquidity support.
Odaily News Drift announced on its official website that Drift Protocol has received support from Tether and other partners. Tether intends to contribute $127.5 million, while other partners plan to contribute $20 million, collectively supporting user recovery efforts following the April 1st attack. This support package includes a $100 million revenue-linked credit line, ecosystem grants, and loans provided to market makers. Drift will establish a dedicated user recovery pool, aiming to gradually address the $295 million in outstanding user losses as trading revenue grows. Additionally, Drift will issue independent recovery tokens to affected users, which represent a claim on the recovery pool and are transferable. Drift is currently in the process of restarting the protocol, having engaged Ottersec and Asymmetric for audits, and is migrating its settlement layer from USDC to USDT. The previous attack resulted in the theft of assets worth approximately $295 million, while the insurance fund assets remained unaffected.
Circle Chief Strategy Officer Dante Disparte responded to the major security breach affecting Drift Protocol on April 1, which resulted in over $270 million in stolen funds. He stated that open financial systems must be built upon foundations of legal accountability, shared security, and rules that evolve in real time with emerging threats. Circle freezes USDC funds only when legally required—a measure reflecting its compliance obligations and safeguarding users’ assets and privacy rights. He emphasized that openness and accountability must be balanced, and all participants across the ecosystem—including protocols, wallets, infrastructure providers, exchanges, and stablecoin issuers—must jointly shoulder responsibility for security and accountability. Circle is collaborating with U.S. and international policymakers to advance stablecoin legislation, including the GENIUS Act, to establish a more modern legal framework enabling lawful, rapid intervention against illicit activities while protecting property rights and privacy—ensuring the continued resilience and robust growth of open financial systems.
U.S. law firm Gibbs Mura has launched a class-action litigation investigation into the April 1, 2026, hack of Drift Protocol, reviewing potential investor claims against Circle Internet Financial. The attack resulted in the theft of approximately $280–285 million in assets. The attacker subsequently used Circle’s Cross-Chain Transfer Protocol (CCTP) to bridge over $230 million worth of USDC to Ethereum—Circle took no action to freeze the funds throughout the incident. Notably, just nine days prior, Circle had voluntarily frozen 16 business wallets in a separate civil dispute. Blockchain analytics firm Elliptic suspects the attack was carried out by a North Korea–backed hacking group. As a result of the breach, Drift Protocol’s total value locked (TVL) plummeted from $550 million to below $250 million, the DRIFT token price dropped more than 40%, and at least 20 DeFi protocols suffered indirect losses.