The April 1 attack was attributed to a North Korea state-affiliated threat actor, as confirmed by forensic firm Mandiant. Following the exploit, Drift temporarily suspended all core protocol functions—including trading and borrowing—to prevent further unauthorized activity.
Users can begin redeeming their tokens once the recovery fund exceeds $5 million, though early redemption means forfeiting any future claims on the pool. The pool will keep growing until total inflows match the full $295,426,725.97 in exploit losses.
On the security front, Drift says it plans to deploy an entirely new program at a fresh address with fully rotated keys, implement timelocks on sensitive administrative operations, and remove the durable-nonce attack surface that was central to how the April 1 exploit was executed.
The team is targeting a relaunch in Q2 2026, refocused as a leaner, perps-native exchange, with leading market makers and a $20 million Tether market-making facility committed to providing liquidity from day one. A public bounty program—offering 10% of any successfully recovered assets—has also been launched in collaboration with crypto exchange Bybit.
“The Drift team is taking considered measures to ensure that users are made whole, and that Drift restores itself as the leading perpetuals DEX on Solana,” the exchange wrote. “The team has made internal hard decisions to restructure and operate as lean as possible, focusing entirely on recovery and relaunch. This will take time but the structure is in place, ecosystem partners are committed, and the work is underway.”
