Drift Protocol

2021-01-01

Drift Protocol founded by Cindy Leow, David Lu, and co-founders; V1 deployed on Solana.

2022-05-11

Drift V1 suffers $14.5M PnL accounting bug triggered by LUNA/UST collapse; exchange paused twice during the day.

2022-05-27

Full $14.5M reimbursement made available to V1 users following emergency external financing.

2022-11-04

DRIFT governance token created; Drift V2 framework initiated.

2022-12-19

Drift V2 launches with JIT liquidity, decentralized order book, and passive liquidity providers.

2024-10-01

Radiant Capital suffers $50M hack attributed by Mandiant to UNC4736 — the same group later attributed to the Drift exploit.

2024-11-09

DRIFT token reaches all-time high of $2.96.

2025-11-01

OFAC issues sanctions against DPRK bankers and front companies for laundering proceeds from cybercrime and IT worker operations.

2025-11-01

UNC4736 threat actors begin approaching Drift contributors at international cryptocurrency conferences, posing as representatives of a legitimate quantitative trading firm.

2025-12-01

Attackers onboard an Ecosystem Vault on Drift, deposit over $1 million of real funds, and begin engaging contributors on Telegram regarding trading strategy and vault integrations.

2026-03-11

Attack staging begins: 10 ETH withdrawn from Tornado Cash at approximately 09:00 Pyongyang local time.

2026-03-12

Attackers deploy the CarbonVote Token (CVT) on Solana: 750 million units minted, approximately 80% attacker-controlled, seeded with $500 in real liquidity on Raydium and artificially priced at $1.00 via wash trading.

2026-03-23

Attackers begin preparing Solana durable nonce accounts and social engineering Security Council members into pre-signing governance transactions with hidden admin transfer authorizations.

2026-03-26

Drift Security Council migrated to a new 2-of-5 threshold configuration with zero timelock, eliminating the detection delay that would otherwise have enabled intervention.

2026-04-01

At 16:05:18 UTC, pre-signed durable nonce transactions executed; admin control transferred to attacker address H7PiGqqUaanBovwKgEtreJbKmQe6dbq6VTrw6guy7ZgL. CVT listed as collateral; withdrawal limits raised to ~$500 trillion; 31 withdrawal transactions drain $285-286 million in 12 minutes ending at approximately 18:31 UTC.

2026-04-01

Within 23 minutes of admin takeover, attackers begin bridging USDC from Solana to Ethereum via Circle CCTP; $232 million bridged across 100+ transactions over eight hours. Drift halts deposits and withdrawals.

2026-04-05

Drift publicly states medium-high confidence attribution to UNC4736/North Korean state actors; links the attack to the same group responsible for the October 2024 Radiant Capital hack.

2026-04-07

Gibbs Mura, A Law Group announces class action investigation into Drift Protocol hack losses.

2026-04-14

Gibbs Mura and Joshua Joseph Law Firm LLC file class action lawsuit in federal court in Massachusetts against Circle Internet Financial, alleging aiding and abetting hackers and negligence for failure to freeze $230 million in USDC bridged via CCTP.

2026-04-16

Drift Protocol and Tether announce up to $147.5 million rescue package ($127.5M from Tether, $20M from partners); Drift pivots settlement layer from USDC to USDT.

2026-05-05

Drift Protocol publishes comprehensive $295.4 million recovery plan: recovery tokens (1 token per $1 of verified loss, transferable), initial pool seed of $3.8 million, early redemption at discount above $5 million, estimated eight-year timeline to full compensation at current revenue rates.