Drift posts recovery update: relaunch, new security leadership, and Mandiant attribution

What happened

Drift Protocol posted a recovery update on 4 June 2026. After the exploit on its perpetuals protocol, the focus, per the statement, is on “relaunching a revenue-generating platform that can accelerate a path to user recovery”. The source is the official Drift blog.

What is planned

Relaunch: Drift intends to return as what it calls “the largest USDT-based perpetual exchange on Solana”, with support from Tether and other partners.
Recovery pool: revenue from the relaunched platform is meant to fund a dedicated pool addressing outstanding user losses.
Security-first reboot: the statement describes a “full protocol reboot with security as the foundation”.

New leadership and risk expertise

Noah Prince joins Drift as Head of Protocol, previously Head of Protocol Engineering at Helium. His focus, per the statement: strengthening the code base and reinforcing the platform’s structural protections. For risk and vault matters, Drift also brings in former members of the Gauntlet team — covering the liquidation engine, funding-rate and market parameters, and ongoing risk monitoring.

Forensic context

Security firm Mandiant conducted a forensic analysis and, per Drift, “conclusively attributed … the attack to UNC6862, a North Korean threat group with direct ties to other state-sponsored actors”. This places the incident among the growing number of state-attributed attacks on crypto protocols.

What to watch next

The concrete relaunch date and the terms of the recovery pool.
Which audit firms and technical safeguards (e.g. multisig, limits) are implemented in detail.
Whether the Mandiant attribution is corroborated by further sources or official bodies.

Not financial advice. This article reports on an ongoing recovery and relaunch process, not a completed outcome.

Sources

Drift Protocol — recovery update (3 June 2026)
Drift Protocol
SOLANA·HUB pillar: On-chain perps on Solana: Phoenix, Drift & co. explained