After Drift「Collapse」: Tether plans to invest $127.5 million to step in and rescue, while Circle’s “lawful freeze” has led to a class-action lawsuit

Written by: Glendon, Techub News

On April 1, Solana-based core perpetual contract decentralized exchange Drift Protocol suffered a serious security attack. A total of approximately $295 million worth of assets was stolen, making it the largest DeFi security incident of this year by scale. Before the incident, the protocol’s total value locked was about $535 million. But after the attack, this figure rapidly fell to $250 million, and the protocol’s systemic operations were nearly brought to a complete standstill.

Two weeks later, yesterday Drift Protocol officially disclosed an asset recovery plan to the public and prepared to rebuild the protocol. The plan is jointly driven by Tether along with several strategic partners. It proposes total funding support of $147.5 million, of which Tether will contribute up to $127.5 million and the other partners will contribute a combined total of $20 million.

This support plan includes a $100 million revenue-linked credit facility, dedicated ecosystem grant funding, and liquidity loans for market makers. All funds will be concentrated into a dedicated user recovery fund pool in the initial stage, prioritized for compensating users’ assets affected by the attack. As the platform’s trading revenue gradually recovers, this mechanism will achieve sustainable repayment through dynamic capital injections. The goal is to systematically cover all $295 million in outstanding losses within the coming months, thereby rebuilding market confidence and the protocol’s long-term stability without relying on token issuance or on-chain debt dilution.

Drift’s specific measures are to conduct a comprehensive redesign of the protocol, with security as the core. Under the new framework, all multisignature signers will be required to operate using dedicated signing devices. Transaction content must be verified independently outside the primary signing interface, and it will be confirmed only after the signing operation is executed. All key administrative operations will be set with time-lock mechanisms and equipped with real-time alert functions, so they can be flagged as abnormal and blocked before execution of proposals.

In addition, Drift will issue dedicated recovery tokens to each user affected by the vulnerability incident (different from the DRIFT governance token). Each token represents a claim right over the recovered funds pool and is transferable. Affected by this recovery plan, DRIFT surged to a high of $0.055 last night, with a short-term increase of more than 22%.

And in this announcement, the most noteworthy point is Drift’s emphasized USDT-centric restart plan. Due to Tether’s generous funding, when Drift is re-launched it will switch from USDC to USDT as its settlement layer. In addition, Tether will expand USDT market-making support by designating market makers, to ensure that Drift has a deep and highly liquid market from the very beginning.

However, what sharply contrasts with the strong support provided by Tether is that Circle is currently mired in a public opinion storm over a class-action lawsuit arising from the Drift attack incident—so what’s going on?

Before that, let’s quickly sort out the background and sequence of events of the Drift attack incident.

Drift Protocol is a decentralized derivatives trading platform launched on the Solana chain in 2021. Its core functions include perpetual contracts, spot trading, lending, and liquidity provision. It was once one of the perpetual contract exchanges in the Solana ecosystem with the highest TVL.

On April 1, Drift was hacked. In less than 1 hour, the protocol treasury saw more than $285 million in assets flow out. However, this incident was not a traditional smart contract vulnerability or a mnemonic phrase leak. Instead, it was a complex social engineering attack—carefully planned, long-term infiltrated, and exploiting flaws in the blockchain’s underlying mechanisms and governance architecture. More precisely, it was a major failure on Drift’s operational security.

The core of the incident is this: the attacker did not “break into” the system; rather, it made the system “voluntarily” hand over control. The attacker exploited Solana’s durable nonces mechanism. This mechanism was originally designed to support offline signatures and hardware wallets, allowing transactions to be pre-signed and remain valid for a long time. But because there were no effective usage constraints, it provided the attacker with an opportunity. After weeks of infiltration, the attacker posed as quantitative traders and members of the security committee to build trust, and then induced them to sign a series of seemingly routine governance operations. In reality, these instruction calls involved destructive actions such as transferring administrator privileges, adding the fake asset CVT as collateral, and disabling withdrawal limits.

On April 2, Drift’s official side published in detail the attacker’s approximate operation steps. The attacker first obtained access in advance via a durable nonce account, then successfully gained sufficient approval rights through the multisignature approval process (reaching the 2/5 multisig approval standard). After that, within just a few minutes, the attacker quickly executed a malicious transfer of admin privileges, gaining control at the protocol level. Finally, they used this privilege to introduce malicious assets and completely remove all existing withdrawal restrictions, carrying out an attack on the funds already in place.

After it occurred, this incident quickly triggered a chain reaction across the Solana ecosystem. Multiple DeFi protocols were affected, and it even caused extremely serious impact and destructive damage to the entire crypto industry. According to SolanaFloor statistics, as of April 3, more than 20 protocols including Reflect Money, Ranger Finance, Neutral Trade, Elemental DeFi, Project 0, Lulo Finance, Asgard Finance, DeFi Carrot, Pyra, xPlace, and Fuse Wallet had been severely impacted. For example, Prime Numbers Fi estimated losses of more than $10 million, Gauntlet about $6.4 million, Neutral Trade about $3.67 million, and Elemental DeFi about $2.9 million.

While Drift and many other DeFi protocols were deeply harmed by the attacks, USDC issuer Circle unexpectedly found itself pulled into a public narrative whirlpool of “slow reaction” and “inaction.”

Regarding this attack incident, on-chain investigator ZachXBT and Delphi Digital co-founder Tommy Shaughnessy, among others, posted tweets criticizing Circle for not freezing USDC transfers involved in the Drift attack.

Tommy Shaughnessy said that Circle, while knowing USDC was centralized, still chose to allow funds to flow freely. ZachXBT was even more forceful. He pointed out that Circle’s response was sluggish during the Drift attack. Within 6 hours, the attacker transferred more than 232 million USDC via the cross-chain transfer protocol CCTP, but Circle took absolutely no freezing action, which allowed these funds to be transferred smoothly.

ZachXBT added that the Drift attack incident was not an isolated case. In fact, since 2022, Circle has repeatedly had compliance failures in handling illicit funds, involving at least 15 major cases with a total amount exceeding $420 million. Although Circle has repeatedly claimed it has robust compliance plans and retains the right to freeze funds, when facing illicit funds, it has often taken only “minimal” actions.

In addition, ZachXBT listed multiple specific cases of Circle’s “slow reaction.” Besides the Drift incident, these include in May 2025 when Cetus Protocol was stolen of $223 million. The attacker transferred 61 million USDC, but Circle provided blacklist-related addresses only a month later.

Faced with criticism and questions, Circle’s Chief Strategy Officer Dante Disparte responded by saying that Circle freezes USDC only when it is legally compelled to do so, not as a unilateral decision. He also blamed Circle’s slow response problem on the fact that the response speed of the legal framework lags behind technological development. Circle CEO Jeremy Allaire stated that the company would not freeze USDC addresses involved in hacking or vulnerability incidents without receiving law enforcement or court orders, saying that privately interfering with users’ assets creates a “major moral dilemma.”

Undoubtedly, such responses could not calm public anger. Instead, they triggered further strong criticism from ZachXBT. ZachXBT directly accused Circle’s claim of “acting lawfully” of being fabricated and contradictory to its terms. In reality, no regulation explicitly states that issuers are prohibited from proactively freezing funds. ZachXBT also used screenshots to show that Circle’s terms explicitly reserve the right to freeze funds, and he once again blasted Circle’s actions as unforgivable—seriously damaging investors’ interests and market trust.

Just when everyone thought this controversy was merely a matter of words and debate, a representative of Drift investors—on behalf of more than 100 members—filed a class-action lawsuit against Circle in a district court in Massachusetts, bringing the dispute to the legal level. The plaintiffs claimed that during the Drift incident, within a few hours, about 230 million USDC was transferred from Solana to Ethereum via Circle’s CCTP cross-chain protocol, yet Circle took no freezing or intervention measures. Based on this, the plaintiffs believe Circle is allegedly assisting and abetting illegal funds conversion, and that it also shows serious negligence.

Interestingly, at precisely the critical moment when Circle was entangled in controversy, Drift received massive funding support from Tether. This move seemed to constitute a targeted reputational strike. Whether its motivation was an active push to seize the market or a passive response to Drift, the result was irreversible: Drift Protocol officially announced that it would fully abandon USDC and switch to USDT as its core settlement asset. On the one hand, this decision not only injects the liquidity Drift needs to survive, but also completes a value re-evaluation at the level of market psychology. After all, most protocols, after encountering similar incidents, quietly fade away. Tether’s involvement has undeniably opened a genuinely viable path to recovery for Drift.

On the other hand, looking back at the past, in multiple security incidents such as Ledger and Remitano, Tether has always frozen stolen USDT quickly. Tether’s response speed once again set USDC off as a “compliant but powerless” stablecoin, while it shaped USDT into financial infrastructure that is “action-capable and trustworthy.”

It is worth mentioning that DeFiLiama data shows that, as of the time of writing, USDC still remains the absolute dominant stablecoin in the Solana ecosystem, with a market share of nearly 52%. The market cap of USDC on Solana exceeds $8.1 billion, but USDT is only about $3 billion. In terms of this market landscape, the two sides’ market caps differ greatly.

However, Tether’s injection into Drift might become a key blow to challenge Tether’s impact on Solana’s stablecoin market dominance.

When USDC is criticized by the industry as a “passive gatekeeper” due to “acting lawfully,” and even faces legal lawsuits, Tether is demonstrating through action that the value of a stablecoin lies not only in being pegged to the dollar and having compliance credentials, but also in whether it can become the “last actor” in systemic risk.

Drift’s shift to USDT could become a historic turning point. Although, for now, this incident has not yet developed to a level that would prompt mainstream protocols in the Solana ecosystem to follow suit, its impact cannot be underestimated, and market sentiment may change as a result.

Tether’s $127.5 million injection, on some level, goes beyond the scope of capital aid. It is also a reprogramming of trust. In DeFi and the crypto industry, when systemic risk erupts, users don’t just ask “Are you compliant?”—they also ask “Are you willing to stand up for me?” Tether clearly captured this deep-seated need of users. It is using Drift’s “ruins” to build a new trust narrative for USDT. Meanwhile, the aura of compliance around USDC is being gradually eroded by its inaction at critical moments.