Lawrence Jengar
Apr 16, 2026 16:32
Tether leads $150M restoration program for Drift Protocol following April’s North Korea-linked hack, with platform switching from USDC to USDT settlement.
Tether is placing up $127.5 million to assist Drift Protocol customers get better funds stolen in final month’s $280 million exploit—a transfer that additionally secures a serious win for USDT on Solana at Circle’s expense.
The stablecoin large introduced Thursday it can lead a $150 million restoration program for the Solana-based DEX, with undisclosed companions contributing the remaining $22.5 million. However this is the catch: the restoration is not an upfront bailout.
“Slightly than counting on upfront capital alone, the construction hyperlinks funding and restoration to ongoing buying and selling exercise on the Drift platform, permitting person balances to be restored because the trade returns to regular operations,” Tether said in its announcement.
Translation: customers receives a commission again as Drift generates income, with Tether basically backstopping the method.
Circle’s Fumble Turns into Tether’s Alternative
The deal comes with a big strategic part. Drift will transition its settlement asset from Circle’s USDC to Tether’s USDT when the platform relaunches—a direct consequence of Circle’s controversial response to the April 1 assault.
Onchain investigator ZachXBT documented how the exploiter moved over $232 million in USDC from Solana to Ethereum utilizing Circle’s personal Cross-Chain Switch Protocol. The transfers occurred throughout greater than 100 transactions over six consecutive hours. Circle by no means froze the funds.
“Regardless of the attacker laundering funds over six consecutive hours throughout Circle’s personal native bridge, no USDC was frozen,” ZachXBT famous. “The attacker has been linked to North Korea by Elliptic.”
The backlash hammered Circle’s inventory, which dropped roughly 10% on April 9 earlier than recovering. The NYSE-traded shares have since climbed about 20% from these lows.
Contained in the Six-Month Social Engineering Assault
The Drift exploit wasn’t a wise contract bug—it was way more refined. In line with investigations revealed in early April, North Korean state-affiliated hackers spent six months conducting social engineering operations focusing on Drift’s governance layer.
The attackers, linked to the group tracked as UNC4736 (also called AppleJeus), manipulated Safety Council members into signing transactions that unknowingly transferred administrative management. They exploited Solana’s “sturdy nonces” function, which permits pre-signed transactions to be executed later.
As soon as that they had admin entry, the hackers whitelisted a nugatory faux token as collateral, deposited it, and drained actual property together with USDC, SOL, and ETH. The stolen funds have been swapped to stablecoins, bridged to Ethereum, and transformed to ETH.
What This Means for DeFi Restoration Playbooks
Tether’s involvement indicators a shift in how main crypto exploits get resolved. Slightly than leaving protocols and their customers to soak up losses fully, trade heavyweights are stepping in—although not with out extracting strategic worth.
For Drift customers, the revenue-linked restoration construction means persistence might be required. Full restitution is determined by how rapidly buying and selling quantity returns to the platform post-relaunch.
For the broader Solana DeFi ecosystem, the episode raises uncomfortable questions on governance safety that will not be answered by Tether’s checkbook alone.
Picture supply: Shutterstock