Drift has disclosed a $295 million exploit that the company attributes to actors from North Korea, marking one of the largest thefts in decentralized finance this year. In response, the platform rolled out a recovery plan centered on tokenized claims and a revenue-backed pool to compensate affected users, alongside a sweeping security overhaul. Law enforcement agencies are now involved in efforts to trace and recover the stolen funds.
How the exploit happened
The attack drained $295 million from Drift's protocols, with internal investigations pointing to North Korea's state-sponsored hacking groups — often referred to as DPRK actors. While Drift hasn't released full technical details, the scale of the breach suggests the attackers exploited vulnerabilities in the platform's smart contracts or access controls. The company confirmed the incident in a statement and immediately paused withdrawals to contain further damage.
Recovery plan: tokenized claims and a revenue pool
Drift's user recovery strategy introduces tokenized claims — essentially digital IOUs that represent a user's lost funds. Holders of these claims will be able to trade or redeem them as the platform recovers assets. To backstop the process, Drift created a revenue-backed pool funded by a portion of future protocol earnings. The company says the pool will accumulate over time and eventually cover the full $295 million shortfall, though it did not provide a timeline for full repayment.
Security overhaul underway
Beyond the immediate restitution plan, Drift implemented a comprehensive security overhaul. The company said it has strengthened its smart contract auditing procedures, added additional monitoring for suspicious activity, and revised access controls to prevent similar intrusions. The overhaul also includes partnerships with external security firms to conduct ongoing penetration testing.
Law enforcement and fund recovery
Drift is collaborating with law enforcement agencies in multiple jurisdictions to recover the stolen assets. The company declined to name specific agencies but confirmed that investigators are tracking blockchain transactions linked to the DPRK actors. Previous cases involving North Korean hackers have seen partial recoveries through international cooperation, but the $295 million figure makes this one of the larger challenges for law enforcement in the crypto space.
The next step for Drift is to roll out the tokenized claims to users and begin funneling protocol revenue into the recovery pool. Affected users are waiting for details on how to claim their tokens and what priority they’ll have in the repayment queue — questions the company has yet to answer publicly.
