Drift Unveils Recovery Plan After $295M Hack Linked to North Korea's Lazarus Group

Drift Protocol said Tuesday it has begun rolling out a recovery framework for users hit by the April 1 exploit that drained about $295 million. The protocol blamed the attack on a DPRK state-backed hacking unit, a claim it said has been corroborated by forensic firm Mandiant. Following the breach, Drift halted trading and lending.

The company said most stolen assets remain traceable and potentially controllable, and that the attacker was only able to move a limited portion of funds. Drift pointed to roughly 130,259 ETH (about $31 million) concentrated across four monitored wallets.

The recovery plan centers on issuing tokens that represent verified user losses. "Each recovery token represents $1 of verified loss," Drift said, adding that holders can redeem the tokens over time based on the value of a recovery fund that grows as assets accumulate. Drift said the pool starts with about $3.8 million and is expected to expand through exchange revenues, up to $127.5 million in performance-linked support from Tether, and up to $20 million from partners. The fund will keep building until it covers total losses of about $295.4 million, at which point the tokens can be redeemed at full value.

The company also said some funds have been frozen, including about $3.36 million in USDC, while other assets remain delayed in cross-chain transit. Drift said legal efforts to recover and reissue funds are ongoing. Drift has launched a public bounty program offering 10% of recovered assets as a reward.

It also plans to relaunch in the second quarter as a "security-first" exchange, introducing new multi-signature controls, time-locked operations, key rotation, and a narrower product lineup focused on perpetuals trading. Drift said user compensation remains the priority, though final implementation will be subject to a governance vote.

Separately, about a week after Drift's recovery update, Aave emerged as a coordinator in a broader DeFi recovery push tied to the year's second-largest exploit: the Kelp DAO attack, also attributed to North Korea-backed hackers. The group known as "Lazarus" stole nearly $280 million, and Aave has helped line up donations, deposits, and credit lines from across the crypto ecosystem.