Drift’s sole focus is on relaunching a revenue-generating platform that can accelerate a path to user recovery. The relaunch will be the recovery engine that powers a dedicated recovery pool built to address outstanding user losses. The faster we bring back a secure, high-performing exchange, the faster that mechanism begins working for users. 

Drift will relaunch as the largest USDT-based perpetual exchange on Solana, and the community has a direct stake in its success. Thanks to the strategic support package from Tether and other partners, we have been able to make meaningful progress toward that goal. 

Today, we want to provide a detailed update on the steps we are taking to bring the platform back online.

Rebuilding the protocol, with security first.

‍Noah Prince, previously the Head of Protocol Engineering at Helium, will be joining Drift as Head of Protocol and will be focused on strengthening the code base and reinforcing protections in the platform structure. Noah previously led Helium’s platform’s migration to Solana end to end. We have shared previously that Drift is undergoing a full protocol reboot with security as the foundation. Noah has the experience and expertise needed for this important work. 

Additionally, former members of the Gauntlet team have been engaged to contribute their risk and vault expertise to the relaunch. Their work spans the full architecture of the relaunched platform, including reviewing the liquidation engine, refining funding-rate and market parameters, supporting launch configuration, liquidator optimization, and ongoing risk monitoring. 

Together, Noah and the team from Gauntlet will overhaul the code, harden the platform against future attacks, and build a more resilient protocol for Drift’s relaunch.

Forensic review.

Among our first actions was engaging Mandiant, a best-in-class cybersecurity and threat intelligence consultancy, to conduct an independent forensic analysis of the exploit. Mandiant’s investigation conclusively attributed  the attack to UNC6862, a North Korean threat group with direct ties to other state-sponsored actors involved in similar attacks on other platforms. The group's general tactics, techniques, and procedures align with historical North Korean operations and operational telemetry recovered during the review.

What’s next.

‍Our priority remains relaunching Drift as a security-first, perps-native exchange, and accelerating the path to user recovery through performance. We will continue to share updates - including detail on recovery mechanics and timing - as they become available.