Blockchain-based decentralized finance (DeFi) protocol Drift has unveiled a new recovery initiative after suffering losses of nearly $295 million in a cyberattack on April 1. According to the team’s statement, North Korea-linked hackers are believed to be behind the incident, which prompted an immediate shutdown of all trading and lending operations on the platform.
Extent of the attack and current status of funds
A total of 130,259 Ethereum (ETH) were stolen during the attack, consolidated across four wallet addresses. Drift reports that most of the stolen assets remain traceable, as hackers have managed only limited transfers so far. Roughly $3.36 million in USDC has been frozen and some assets are being held during cross-chain transfers. The platform is pursuing legal avenues to recover and return funds wherever possible.
Details of the recovery plan
Drift plans to issue a new instrument called “recovery tokens,” with each token representing a lost dollar from affected users. Holders of these tokens will gradually receive payments from a recovery pool designed to match the value of their losses. The pool currently holds approximately $3.8 million, but will be regularly supplemented by future exchange revenues. Additionally, up to $127.5 million in performance-based support will come from Tether, and partners are expected to contribute up to $20 million. The pool will continue to grow until the full $295.4 million target is reached, at which point recovery tokens can be redeemed at full value.
The Drift team emphasized that all proposed measures are aimed at fully compensating users, and stressed that the final decisions regarding recovery will be put to “governance votes” within the community.
In addition, the platform has launched a public bounty program, offering a 10 percent reward on any assets recovered from the hack. This initiative aims to motivate community members to support the recovery process.
Platform relaunch and sector-wide implications
Drift intends to resume operations in the second quarter as a security-centered exchange. The relaunch will include multisignature controls, time-locked transactions, key rotation procedures, and a shift toward a narrower focus exclusively on perpetual futures contracts.
Shortly before Drift’s announcement, another leading DeFi protocol, Aave, had also initiated a major industry-wide recovery effort for Kelp DAO, which experienced the year’s second-largest cyberattack. This operation is similarly linked to hackers believed to be based in North Korea. In 2024 alone, the Lazarus group—well-known for such attacks—has siphoned off about $280 million in total.
These recent incidents underscore the continuing need for DeFi protocols to update their security measures in the face of evolving threats. Platform operators and users alike have become increasingly aware of the risks and are adopting stricter procedures to safeguard assets.
The broader DeFi sector remains under heightened alert, with industry leaders urging collaboration and better transparency to counter sophisticated hacking attempts. As more platforms announce recovery solutions, community engagement and decentralized governance have taken center stage in efforts to build back user trust and restore lost funds.
Regulatory authorities watching the sector have noted the scale and frequency of coordinated attacks linked to nation-state actors, emphasizing the urgent necessity for robust technical defenses and international cooperation.
Meanwhile, user groups impacted by the Drift attack have voiced cautious optimism, pointing to the recovery tokens and bounty initiatives as promising steps but calling for swift and transparent implementation of all measures.
As the countdown to Drift’s relaunch continues, attention is turning to whether a combination of technical upgrades, community oversight, and external support can restore confidence in the protocol—and provide a blueprint for industry-wide resilience.
