Drift Protocol Unveils Recovery Plan After $295M North Korean Hack

Drift Protocol has introduced a recovery plan for users affected by a $295 million exploit on April 1, which it attributes to the North Korean hacking group tracked by Mandiant.

The attack forced Drift to suspend trading and borrowing. According to the protocol, most stolen funds are still traceable, with about 130,259 ETH, or roughly $31 million, concentrated in four monitored wallets.

The recovery plan centers on issuing tokens representing verified user losses, with each token equaling $1. The redemption pool is seeded with $3.8 million in remaining assets and will grow through exchange revenue, up to $127.5 million from Tether, and up to $20 million from partners. Drift also says $3.36 million in USDC has already been frozen.

Drift plans to relaunch in the second quarter as a security-first exchange, adding new multisig controls, time-locked operations, and key rotation.

This comes a week after Aave led a separate recovery effort for Kelp DAO, the second largest DeFi exploit this year, also linked to North Korean hackers.