Drift Protocol has detailed a comprehensive recovery strategy for users impacted by a significant $295 million exploit. The plan centers around a new token-based compensation system designed to address the stolen funds.

Exploit Attribution and Investigation

An update released on May 5th definitively linked the attack, which occurred on April 1st, to a threat actor with confirmed affiliations to the Democratic People’s Republic of Korea (North Korea). The investigation was aided by Mandiant, a renowned forensic firm, providing crucial insights into the attack’s origins and execution.

Status of Stolen Funds

Approximately 130,259 ETH, valued at around $293 million, remains identifiable and is currently held within four distinct wallets controlled by the attackers. While law enforcement agencies are actively pursuing recovery efforts, Drift Protocol cautioned that a concrete timeline for the return of these funds is not yet available.

Law Enforcement Cooperation

The protocol is fully cooperating with these investigations, providing all available data and support to facilitate the apprehension of the perpetrators and the recovery of the stolen assets. This ongoing law enforcement involvement is considered a critical component of the overall recovery strategy, though its success remains uncertain.

Recovery Plan Details

The recovery plan involves a recovery token system funded by protocol revenue, Tether support, and partner capital. Drift Protocol acknowledges the difficulties in tracing funds linked to state-sponsored actors but remains committed to exhausting all available avenues for restitution.

Transparency and Community Engagement

Drift Protocol emphasizes transparency in disclosing the attack attribution and the status of recovery efforts to build trust with its user base. The protocol is actively engaging with its community to address concerns and provide regular updates on the progress of the recovery efforts.

Future Outlook

The relaunch of the protocol is targeted for Q2 2026. The success of the recovery plan depends on law enforcement efforts, funding for the recovery pool, and user participation in the token redemption process. The protocol’s commitment to a security overhaul and a more streamlined architecture underscores its determination to learn from this experience.