Drift unveils recovery plan after $295M DPRK-linked exploit, introduces user claim tokens

Drift Protocol has outlined a structured recovery plan for users affected by its $295 million exploit. The protocol proposed a token-based compensation model to recover stolen funds. The update, published on 5 May, confirms that the 1 April attack was linked to a DPRK-affiliated threat actor, with forensic firm Mandiant involved in the investigation. Majority of stolen funds remain traceable According to the protocol, approximately 130,259 ETH, worth around $293 million, remains concentrated across four attacker-controlled wallets. Drift stated that law enforcement efforts are ongoing, though no confirmed recovery timeline has been provided. Recovery token model introduced for affected users To compensate users, Drift plans to issue a "recovery token" that represents $1 of verified loss. These tokens will act as claims on a recovery pool funded through multiple sources, including: Protocol revenue Up to $127.5 million in support from Tether Additional partner capital of up to $20 million The recovery pool will continue to grow until it matches total losses of approximately $295 million. Users will be able to redeem tokens once the pool reaches a minimum threshold, with payouts based on the pool's value at the time of redemption. Relaunch plans focus on security overhaul Drift is targeting a relaunch in Q2 2026, with a redesigned architecture focused on security. Key changes include: New program deployment with rotated keys Removal of high-risk product features Implementation of multisig controls with timelocks Mandatory audits before redeployment The platform will also shift to a more streamlined model, focusing primarily on perpetual trading. DeFi recovery enters long-term phase Unlike immediate reimbursement models, Drift's approach spreads recovery over time through revenue and external funding. The protocol noted that repayments will not interfere with trading liquidity once the platform relaunches. The structure, however, means users may need to wait for full recovery, depending on fund inflows and enforcement outcomes. Final Summary Drift Protocol has introduced a recovery token system to compensate users following its $295 million exploit, with most stolen funds still traceable but unrecovered. The plan relies on revenue, external funding, and gradual payouts, signaling a long-term recovery process rather than immediate reimbursement.