On April 1, North Korean hackers stole $295 million from Drift Protocol in 12 minutes. It was the biggest DeFi hack of 2026. The platform went dark. Trading stopped. Users watched their money disappear into four Ethereum wallets controlled by a state-sponsored hacking group.
Five weeks later, Drift released a full recovery plan. Every affected user gets a recovery token worth $1 for each dollar they lost. A recovery pool, starting at $3.8 million and growing toward $151 million, will fund the payouts. Tether is backing the effort with up to $127.5 million. And Drift plans to relaunch this quarter as a completely rebuilt exchange.
The plan is ambitious. The community is sceptical. And the question everyone is asking is simple: will it actually work?
How Does the Recovery Plan Work?
Every user who lost funds in the April 1 hack will receive a recovery token for each dollar of verified losses. If you lost $10,000, you get 10,000 recovery tokens. These tokens are separate from the DRIFT governance token. They are transferable, which means you can hold them and wait for full repayment, or sell them to someone else if you need money now.
The tokens are backed by a recovery pool. That pool starts small, at roughly $3.8 million from Drift’s remaining assets, all converted to USDT for stability. Users can start redeeming tokens once the pool exceeds $5 million. But here is the catch: if you redeem early, you give up any claim on future payouts. You lock in whatever the pool can pay at that moment and walk away.
Over time, the pool grows through three channels. Drift will dedicate a big portion of its trading fees after relaunch to the pool every quarter. Tether committed up to $127.5 million through a revenue-linked credit facility. And other partners pledged up to $20 million more.
When the pool eventually reaches $295.4 million, the full amount stolen, every remaining token can be redeemed at face value. One dollar per token. Full repayment.
Where Is the Stolen Money?
Most of it has been tracked but not recovered. Roughly 130,259 ETH worth about $293 million sits in four Ethereum wallets that are being monitored and flagged across every major exchange. The hackers know the money is being watched. Moving it through any regulated exchange would trigger instant freezing.
Two additional transfers are stuck in transit. The hackers tried to bridge funds through Wormhole, but that protocol’s governor delayed the transfers until late July. Another $3.36 million in USDC was frozen by Circle.
Drift also launched a 10% bounty. Anyone who helps recover stolen assets gets 10% of whatever is returned. Bybit is partnering on the bounty programme.
The stolen funds are traceable. Recovery is possible but not guaranteed. Law enforcement is involved. But North Korean hackers have a long track record of laundering stolen crypto through mixers, bridges, and small exchanges. Getting the money back could take months or years, if it happens at all.
Why Is Tether Backing This?
Two reasons, one obvious and one strategic.
The obvious reason is good PR. Tether gets to be the hero that saved a hacked protocol and made users whole. That looks good when your company is simultaneously facing Senate investigations and calls for tighter regulation.
The strategic reason is more interesting. As part of the deal, Drift is switching from USDC to USDT as its core settlement layer. Every trade on the relaunched Drift will settle in Tether’s stablecoin instead of Circle’s.
Drift was one of the highest-grossing DeFi protocols on Solana before the hack, generating roughly $47 million per month in trading fees. Getting that volume to settle exclusively in USDT is worth far more than $127.5 million to Tether over the long term. This is not charity. It is a business deal disguised as a rescue.
The timing also matters. Circle took heat after the hack for not freezing the stolen USDC fast enough. The attacker bridged $232 million in USDC from Solana to Ethereum over six hours, and Circle did not intervene. Blockchain investigator ZachXBT publicly criticised Circle. CEO Jeremy Allaire defended the decision, saying Circle only freezes funds when directed by law enforcement.
Tether saw an opening and took it. Circle’s hesitation cost it one of its biggest DeFi clients. Tether’s $127.5 million bought it a new one.
What Does the Relaunch Look Like?
Drift plans to come back as a leaner, security-focused exchange concentrated entirely on perpetual futures trading. The broader product suite, including lending and borrowing, is gone for now.
The security overhaul addresses exactly how the hack happened. New multisig controls spread signing authority across more people. Time-locked operations prevent instant changes to protocol settings. The “durable nonce” attack surface that the hackers exploited has been removed entirely. OtterSec is auditing all three codebases. Asymmetric is consulting on operational security.
The programme will be deployed at a completely new address with fully rotated keys. Nothing from the old system carries over. It is effectively a new exchange built on top of the old brand.
Leading market makers have committed to providing liquidity from day one, backed by a $20 million Tether market-making facility. The goal is to ensure that when Drift reopens, traders can actually trade without waiting for liquidity to build up organically.
Will Users Actually Get Their Money Back?
That depends on execution. The maths works on paper. If Drift relaunches and generates even half of its pre-hack monthly revenue ($47 million), the exchange would produce roughly $282 million per year in fees. Dedicating a meaningful portion of that to the recovery pool, plus Tether’s $127.5 million, could theoretically cover the $295 million gap within two to three years.
But the community is not buying it without reservations. One user responded to the announcement bluntly: “In other words, victims get nothing. And the Drift team that caused this takes no real loss.”
That frustration is understandable. Recovery tokens are not cash. They are a promise of future cash, backed by a pool that does not exist yet, funded by revenue from an exchange that has not relaunched yet. The chain of “not yets” is long.
On the other hand, Drift is doing something most hacked protocols never do. It published a detailed plan. It secured $147.5 million in committed backing. It hired external auditors and security consultants. It is rebuilding from scratch. Most DeFi hacks end with a post-mortem and silence. Drift is trying to come back.
Whether the try succeeds depends on whether traders return. And traders will only return if they believe the new Drift is secure enough to trust with their money again. That is the circle Drift needs to break.
Disclaimer: This article is for informational purposes only and does not constitute financial, investment, or legal advice. Always conduct your own research before making any investment decisions.
