Tether backs Drift’s repair effort

Tether has moved to support a $150 million recovery package for Solana-based Drift Protocol after the trading platform was hit by one of the biggest crypto exploits of the year, with the plan aimed at repaying affected users over time and helping relaunch the protocol under tighter security controls. Drift said the package would include up to $127.5 million from Tether and a further $20 million from other partners, with the broader structure built around a revenue-linked credit facility, grants and market-maker loans.

The intervention follows Drift’s 1 April exploit, which Tether described as causing about $285 million in user losses. Drift’s own latest recovery update set outstanding user losses at roughly $295.7 million, a higher figure that appears to reflect the protocol’s full accounting of affected assets. That gap matters because it shows the proposed support package will not make users whole immediately, but is instead designed as a staged recovery mechanism tied to the platform’s ability to resume trading and generate revenue.

Drift said a substantial portion of exchange revenue, together with committed support capital, is intended to flow into a dedicated user recovery pool. Any stolen funds that are later traced and recovered would also be added to that pool. Rather than a simple cash injection, the structure places user reimbursement on a longer runway that depends on business activity after relaunch. That may reassure some customers that a framework is in place, but it also leaves them exposed to execution risk if volumes fail to recover or if market confidence remains weak.

One of the clearest strategic shifts in the plan is Drift’s decision to move from USDC to USDT as its settlement layer when the platform reopens. Drift said Tether would also extend a USDT market-making support facility through designated market makers to help ensure liquidity from day one. For Tether, the arrangement offers more than goodwill: it expands the role of its stablecoin inside a high-profile Solana trading venue that had previously relied on a rival dollar token. For Drift, it brings a powerful commercial partner at a moment when credibility, liquidity and user retention are all under pressure.

Drift’s recovery blueprint also includes a new recovery token, separate from its DRIFT governance token, that would be issued to users affected by the exploit. The token is meant to represent a claim on the recovery pool and will be transferable, according to the protocol. That approach could give users some liquidity before full repayment, but it may also raise fresh questions over valuation, trading volatility and whether secondary-market prices would accurately reflect the eventual recovery value. Such structures are familiar in distressed crypto situations, where projects try to bridge the gap between immediate losses and uncertain future cash flows.

The attack itself has already become a warning sign for decentralised finance. Security researchers at TRM Labs, Chainalysis and Elliptic said the exploit drained about $285 million and showed signs consistent with a sophisticated, long-prepared operation, with preliminary assessments pointing to actors linked to North Korea, though formal attribution remains subject to further investigation. Bloomberg reported on 2 April that the exploit ranked among the largest in crypto history. The case has drawn attention because it appears to have involved governance and operational weaknesses rather than a straightforward smart-contract coding flaw, underscoring how human processes and privileged access have become central vulnerabilities in DeFi.

Drift says it is rebuilding around stricter safeguards before any relaunch. The protocol has said it will require two independent audits, from OtterSec and Asymmetric, and will introduce a new community-governed multisig for core assets. It also plans to tighten key management, disable durable nonces for signers, enforce timelocks on critical administrative actions and require transaction details to be independently checked outside the main signing interface. Those measures suggest Drift is trying to answer a central question hanging over the platform: whether users and market makers can trust the venue again after such a large breach.