Drift's hacking incident prompts a reconstruction plan! Funded by Tether with over $120 million, announces abandoning USDC in favor of USDT

Drift Protocol announced a $150 million recovery plan, led by Tether and fully switching to settle with $USDT . The move is intended to address the $295 million loss caused by North Korean hackers.

Strategic shift in relaunch operations and settlement assets

Drift Protocol, the largest decentralized perpetual contract trading exchange in the Solana ecosystem, announced yesterday (4/16) a comprehensive recovery plan totaling $150 million, aimed at responding to the $295 million asset loss incurred in early April due to an attack by North Korean hackers.

Image source: X/@DriftProtocol Drift Protocol announced yesterday a comprehensive recovery plan totaling $150 million

This initiative is backed by stablecoin leader Tether, with a funding commitment as high as $127.5 million, while the remaining $20 million is jointly raised by multiple unnamed ecosystem partners. This relaunch plan represents a major change in Drift’s infrastructure: the platform has decided to fully abandon Circle-issued $USDC and instead adopt Tether’s $USDT as its core settlement asset. This not only aims to address the immediate financial crisis, but also demonstrates Tether’s strategic ambition to challenge $USDC ’s long-standing dominance on the Solana network.

According to the agreement signed by both sides, this $150 million is not a one-time cash injection, but a combination of credit facilities linked to future revenue, ecosystem-specific grants, and liquidity loans for market makers. This multi-layered funding structure is designed to ensure that after the platform resumes operations, it will have deep trading liquidity and stable operational resources, while also making $USDT the operational core of the entire trading system.

• Related news: DeFi platform Drift gets hacked on April Fools’ Day! Hackers emptied $270 million in assets; admin key becomes a vulnerability

Innovative recovery mechanism and compensation token plan

For the 128,000 severely affected users, Drift has planned a long-term asset recovery mechanism, with the core goal of gradually making up for the $295 million users lost in the hacking incident. The platform will establish a dedicated “Recovery Pool,” with funding sources including a portion of future trading fees, committed capital provided by partners, and any stolen assets that are subsequently recovered through law enforcement agencies or on-chain tracking.

To provide users with liquidity and assurance of rights, Drift plans to issue a brand-new, transferable recovery token to affected KOLs. This token is separate from the original governance token $DRIFT , and represents holders’ claims to assets in the recovery pool. Users can choose to hold it long-term—receiving compensation gradually as platform revenue flows into the recovery pool—or sell it on the secondary market to obtain funds early. This plan reflects the Drift team’s long-term commitment to the community, emphasizing that restoring user trust is the top priority after the relaunch.

Drift’s CEO said the system allows the compensation timeline to be tied to the platform’s actual operational performance, ensuring users’ rights are protected while also not imposing a destructive burden on the platform’s growth momentum.

Hack penetration details and comprehensive defense system upgrade

The investigation report states that this brutal attack that led to asset loss was not an isolated incident, but a carefully planned infiltration operation funded by the North Korean government, lasting for as long as half a year. The attackers posed as professional quantitative traders and succeeded in gaining the development team’s trust through participating in in-person meetings and using social engineering. The hackers then further used malicious TestFlight applications and software vulnerabilities to infiltrate the devices of core contributors, thereby taking control of the permissions of multisig wallets (Multisig).

In the April 1 attack, the hackers drained assets stored in the core vault within a short period, causing the price of the $DRIFT token to subsequently plummet by more than 70%. To learn the lesson and completely eliminate security risks, before restarting, Drift implemented strict security upgrades, including hiring top security firms such as OtterSec and Asymmetric Research to conduct independent audits.

• Related news: The full story of the Drift hacking case: North Korean hackers infiltrated for 6 months—how they engineered the biggest DeFi heist of spring 2026

After the relaunch, the platform will introduce a brand-new community governance multisig system. All signing processes must be completed on dedicated isolated hardware devices and independently verified outside the trading interface. This strengthened protection process is designed to minimize the risks of human infiltration and device poisoning through physical isolation and multiple verifications, establishing the industry’s highest-level security defenses.

Stablecoin landscape reshuffle and Circle trust crisis

Drift’s asset transfer operation also sparked deep discussion in the crypto industry about stablecoin issuers’ responsibilities. After the hacking incident, the hackers used Circle’s cross-chain transfer protocol (CCTP) to move about $232 million of $USDC from Solana to Ethereum in batches over a period of 6 hours to launder money. On-chain data shows that although there was a window of up to half a working day in which intervention was possible, Circle failed to freeze the stolen funds in the first instance, drawing strong backlash from community members including the well-known investigator ZachXBT.

Circle’s CEO Jeremy Allaire reiterated the company’s position, emphasizing that it will take freezing action only after receiving official orders from law enforcement authorities, to comply with legal requirements and protect users’ rights. In contrast, Tether demonstrated more proactive and efficient intervention in handling hackers and illicit funds, which also became one of the key factors in Drift’s decision to switch to $USDT .

Further reading
Who’s to blame for Drift getting hacked? Hackers moved cross-chain assets but didn’t freeze; ZachXBT slams Circle for negligence
Criticized for freezing USDC too slowly! Circle CEO: We must wait for a court order—we refuse to freeze privately

Currently, although $USDC still maintains a leading market cap advantage on Solana, as high-volume platforms like Drift have flipped sides, and Tether has actively injected resources to fund user rewards, the stablecoin competition landscape on Solana has undergone fundamental changes. This incident not only led Circle to face class-action lawsuits, but also prompted the market to reassess the role stablecoin issuers should play as gatekeepers in decentralized finance environments.