Drift Protocol Begins Full Rebuild After North Korea-Linked Hack
Drift Protocol said in a June 3, 2026 recovery update that an independent forensic review by cybersecurity firm Mandiant has attributed the earlier attack to UNC6862, a North Korean threat actor. Drift noted the group's methods align closely with patterns historically seen in state-sponsored North Korean cyber operations.
As part of its rebuild, Drift has named Noah Prince, former engineering lead at the Helium protocol, as Protocol Lead. Prince will oversee codebase hardening and the redesign of the platform's security architecture.
Drift also hired former Gauntlet team members to audit the clearing engine, refine funding rates and market parameters, strengthen clearing mechanisms, and set up continuous risk monitoring.
The project said it plans to relaunch with a "security-first" focus and aims to reestablish itself as Solana's largest USDT perpetual futures exchange. With backing from strategic partners including Tether, Drift will create a dedicated recovery fund financed by platform revenues to compensate users for losses. The team said additional details on the recovery mechanism and timeline will be released over time.