What happened to Drift Protocol and why were user funds lost?

Drift Protocol was attacked by UNC6862, a North Korean state-sponsored hacker group. The attack exploited the platform's security vulnerabilities, resulting in unresolved user losses. Mandiant, a leading cybersecurity firm, conducted an independent forensic investigation and officially attributed the attack to this North Korean threat group.

What is the Drift Protocol recovery pool and how does it work?

The Drift Protocol recovery pool is a dedicated fund designed to pay back users who lost money in the hack. It is powered by revenue generated after the platform relaunches. The faster Drift earns from trading activity, the faster the pool fills and the sooner affected users receive compensation.

Who is Noah Prince and what is his role in Drift Protocol's recovery?

Noah Prince is the former Head of Protocol Engineering at Helium, where he led the entire migration of Helium's platform to Solana. He is joining Drift as Head of Protocol, responsible for rebuilding the codebase from scratch and reinforcing the platform's security architecture to prevent future attacks.

What is UNC6862 and how is North Korea connected to the Drift Protocol hack?

UNC6862 is a North Korean state-sponsored cyber threat group identified by Mandiant's forensic investigation. The group's tactics, techniques, and digital fingerprints match historical North Korean hacking operations. They have been linked to similar attacks on other crypto platforms, making this part of a broader pattern of state-directed crypto theft.

Drift Protocol Relaunch 2026: How Recovery Pool Will Pay Back Users?

Q: Why is Tether backing Drift Protocol's relaunch?

Tether, the company behind USDT — the world's most used dollar-pegged stablecoin — has provided strategic support to help Drift relaunch as a USDT-margined perpetual exchange on Solana. This backing gives Drift financial credibility and positions it as the largest USDT perps platform on the Solana blockchain.

Sakshi Jain

04-06-2026

Last Updated: 04-06-2026

From Hack to Relaunch: How Drift Protocol Plans to Pay Back Users?

Drift Protocol Relaunch: Solana Top USDT Exchange Comeback June 2026

A state-sponsored cyberattack nearly destroyed Drift Protocol. Now, with Mandiant's forensics, a new protocol lead, and Tether's backing — it's aiming for Solana's top spot.

Major Drift Protocol recovery update on June 3rd. The platform was hacked. User funds were lost. But now, there's a plan — and the people behind it have serious names attached. The story doesn't end with the attack. It's just getting started.

The Attacker Has a Name: UNC6862

This wasn't a random hack. Mandiant — one of the world's top cybersecurity firms — ran a full independent investigation. Their conclusion was clear.

The attack came from UNC6862. That's a North Korean state-sponsored threat group. Mandiant tied them directly to other crypto platform attacks. Same tactics, same tools, same operational fingerprint.

North Korea has stolen billions from crypto in recent years. The protocol is now on that list. But unlike most victims, Drift is responding publicly — with forensic proof.

Drift Recovery Plan

Source: Official X

What's the Drift Recovery Plan?

Drift's recovery strategy is straightforward:

Relaunch the platform
Generate revenue.
Use that revenue to pay back affected users through a dedicated recovery pool.

The faster the platform performs, the faster users get their money back. That's the engine. No vague promises. No future token. Just a trading platform that earns its way back.

Tether Steps In and That's a Big Deal

Tether company behind USDT, the world's most-used stablecoin — is providing strategic support. USDT is a dollar-pegged digital coin traders use to avoid crypto price swings. With Tether's backing, Drift will relaunch as a USDT-margined perpetual exchange on Solana. Every trade, every position — settled in stable dollars.

The target? Become the largest USDT perps exchange on the Solana ecosystem. Perps, short for perpetual futures, let traders bet on price movements without owning the actual asset.

Meet the People Rebuilding the Code

The protocol didn't patch the old system. It brought in new engineers with real credentials. Noah Prince is joining as Head of Protocol. He was previously the Head of Protocol Engineering at Helium, where he led Helium's full migration to Solana end-to-end. His job at Drift is to strengthen the codebase and harden the platform's security architecture.

Former members of the Gauntlet team are also joining. Gauntlet specialises in financial risk modelling for DeFi protocols. Their scope covers the liquidation engine, funding rates, market parameters, liquidator optimisation, and ongoing risk monitoring. Together, Noah and the Gauntlet team will overhaul the code before anything goes live.

What Does This Mean If You're a Drift User?

If the hack affected your funds, you're not forgotten. The recovery pool is built specifically to address outstanding user losses.

How fast it fills depends entirely on platform performance after relaunch. It has confirmed it will share more details — including exact timing and recovery mechanics — as they become available. No recovery has been processed yet as of June 4, 2026.

The Bottom Line

Drift protocol got hit by a North Korean state operation. That's serious. But the response — Mandiant forensics, Tether backing, top-tier engineers, and a dedicated recovery pool — is equally serious.

If the relaunch works, it becomes a Solana-dominant USDT perps exchange. Affected users get paid back through performance, not promises. The next update will include recovery timing. That's the one to watch.

Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before making any financial decisions in crypto markets. All details are sourced from Drift Protocol's official June 3, 2026 update and Wu Blockchain X, Mandiant's attributed findings. Ongoing developments may affect details reported here.

About the Author Sakshi Jain

English News Writer at coingabbar.com

Sakshi Jain is a crypto news writer focused on delivering fast, data-driven coverage of the digital asset market. Her articles consistently track daily market movements, token launches, airdrops, exchange listings, and institutional signals, helping readers stay ahead of short-term trends. She simplifies complex crypto developments—such as regulatory updates, Bitcoin allocation strategies, and emerging blockchain projects—into clear, actionable insights. Her work reflects a strong emphasis on timeliness, SEO-driven structuring, and trader-focused narratives, often highlighting price momentum, market sentiment, and risk factors. Sakshi primarily writes for active crypto participants seeking concise, reliable, and opportunity-oriented market updates.