Drift's hacking recovery plan! Funded by Tether with over $120 million, announces abandonment of USDC in favor of USDT

Drift Protocol announced a $150 million recovery plan, led by Tether and fully switching to $USDT for settlement. The move is intended to address the $295 million loss caused by North Korean hackers.

Strategic shift in relaunch operations and settlement assets

Drift Protocol, the Solana ecosystem’s largest decentralized perpetual contract exchange, announced yesterday (4/16) a comprehensive recovery plan totaling $150 million, aimed at addressing the $295 million asset loss that resulted from a North Korean hacker attack in early April.

Image source: X/@DriftProtocol Drift Protocol announced yesterday a comprehensive recovery plan totaling $150 million

The initiative is supported by stablecoin leader Tether, with a funding commitment of up to $127.5 million; the remaining $20 million will be jointly raised by multiple unnamed ecosystem partners. This relaunch plan represents a major change in Drift’s infrastructure: the platform has decided to fully abandon $USDC issued by Circle and instead adopt Tether’s $USDT as the core settlement asset. This move not only seeks to resolve the immediate financial crisis, but also showcases Tether’s strategic ambition to challenge $USDC ’s long-standing dominance on the Solana network.

According to the agreement signed by both parties, this $150 million fund is not a one-time cash infusion, but rather a combination of credit lines tied to future revenue, dedicated ecosystem grant support, and liquidity loans targeted at market makers. This multi-layer funding structure is designed to ensure that once the platform goes back online, it will have deep trading liquidity and stable operational resources, while making $USDT the operational core of the entire trading system.

• Related news: DeFi platform Drift hacked on April Fools’ Day! Hackers emptied $270 million in assets; admin key becomes a vulnerability

Innovative recovery mechanism and compensation token plan

For the 128,000 users severely affected, Drift has planned a long-term asset recovery mechanism, with the core goal of gradually making up the $295 million loss suffered by users in the hacker incident. The platform will establish a dedicated “Recovery Pool,” with funding sources including a portion of future trading fees, committed capital provided by partners, and any subsequently recovered stolen assets through law enforcement authorities or on-chain tracing.

To provide users with liquidity and ownership assurance, Drift plans to issue a brand-new, transferable recovery token to users affected by KOLs. This token is independent of the original governance token $DRIFT and represents holders’ claim rights to the assets in the recovery pool. Users can choose to hold it long-term—gradually receiving compensation as platform revenue flows into the recovery pool—or sell it on the secondary market to get funds earlier. This plan reflects the Drift team’s long-term commitment to the community and emphasizes that restoring user trust is the top priority after the relaunch.

Drift’s CEO noted that this system allows the compensation progress to be linked to the platform’s actual operational performance, ensuring user rights are protected while also not imposing a destructive burden on the platform’s growth momentum.

Details of the hack and a comprehensive defense system upgrade

Investigation reports indicate that the brutal attack that led to asset outflows was not a random incident, but a carefully planned infiltration operation lasting for half a year by a hacker group funded by the North Korean government. The attackers posed as professional quantitative traders and successfully gained the development team’s trust through participating in in-person meetings and social engineering. The hackers then further used malicious TestFlight applications and software vulnerabilities to compromise the devices of core contributors, thereby taking control of the permissions of a multisig wallet (Multisig).

During the April 1 attack, hackers drained the assets stored in the core vault within a short period, causing the $DRIFT token price to subsequently plunge by more than 70%. To learn from the incident and thoroughly eliminate security risks, before relaunch Drift implemented strict security upgrades, including hiring top security firms such as OtterSec and Asymmetric Research to conduct independent audits.

• Related news: Overview of the Drift hacker case: North Korean hackers infiltrated for 6 months—how they staged the biggest DeFi theft in spring 2026

After the relaunch, the platform will introduce a new community-governance multisig system, where all signing processes must be completed on dedicated isolated hardware devices and verified independently outside the trading interface. This strengthened protection process aims to minimize the risks of human infiltration and device poisoning through physical isolation and multiple verifications, establishing an industry-leading security defense.

Stablecoin landscape reshuffle and the Circle trust crisis

Drift’s asset transfer action has also sparked deep discussions in the cryptocurrency industry about the responsibilities of stablecoin issuers. After the attack, the hackers used Circle’s cross-chain transfer protocol (CCTP) to transfer about $232 million worth of $USDC from Solana to Ethereum in batches over a period of 6 hours for money laundering. On-chain data shows that although there was an opportunity to intervene during this half-day window, Circle failed to freeze the stolen funds promptly, drawing strong backlash from community members including well-known investigator ZachXBT.

Circle CEO Jeremy Allaire reiterated the company’s position, emphasizing that it will only take freeze action upon receiving formal orders from law enforcement authorities, to comply with legal and regulatory requirements and protect users’ rights. By contrast, Tether demonstrated more proactive intervention efficiency in handling hackers and illegal funds, which became one of the key factors behind Drift’s decision to switch to $USDT .

Further reading
Who was to blame for Drift being hacked? Hackers cross-chain assets but did not freeze them; ZachXBT sharply criticizes Circle’s negligence
Criticized for freezing USDC too slowly! Circle CEO: Must wait for court orders; refuses to freeze privately

Currently, although $USDC still maintains a leading market cap position on Solana, as high-transaction-volume platforms like Drift turn against it and Tether actively injects resources to fund user rewards, the stablecoin competition landscape on Solana has undergone a fundamental change. This incident not only led Circle to face a class-action lawsuit, but also prompted the market to reevaluate the role stablecoin issuers should play as gatekeepers in decentralized finance environments.