A ffected users of Drift Protocol will receive transferable recovery tokens representing claims on a pool funded by a $147.5 million rescue package and future exchange revenue. The pool is designed to gradually address approximately $295 million in user losses as the platform relaunches and generates revenue.
Related Brief Just now
cybersecurity Grinex Hack Erases $13.7 Million in Ruble-Backed Assets
Users of the Grinex cryptocurrency exchange are locked out of their accounts and funds. All trading, deposits, and withdrawals have been suspended indefinitely. The suspension follows a cyberattack that drained more than 1 billion Russian rubles, approximately $13.7 million, from 54 wallet addresses. Blockchain analytics firms Elliptic and TRM Labs tracked approximately $15 million in USDT leaving Grinex-linked accounts. To prevent Tether from freezing the stolen stablecoins, the attackers routed funds through the Tron and Ethereum networks and converted the USDT into TRX and ETH. The stolen assets were consolidated into a single wallet holding 45.9 million TRX, valued at approximately $15 million. Grinex, a Kyrgyzstan-registered exchange tied to Russia's domestic crypto-ruble ecosystem, attributed the breach to "foreign special services" and "foreign intelligence agencies." The platform is the successor to Garantex, a Moscow-based exchange sanctioned by the U.S. Treasury in 2022 for processing over $150 million in ransomware payments. After Garantex ceased operations in March 2025, liquidity and users migrated to Grinex, which other sources describe as a primary hub for the ruble-backed stablecoin A7A5, which Elliptic estimates has processed more than $100 billion in transactions. Two wallets linked to TokenSpot, another Kyrgyzstan-based exchange, transferred roughly $5,000 to the same consolidation address used in the Grinex heist.
The rescue effort is led by Tether, which committed up to $127.5 million, with an additional $20 million provided by unnamed partners. The funding is structured as a $100 million revenue-linked credit facility, ecosystem grants, and loans to market makers.
Related Brief 1d ago
cybersecurity Kraken Refuses Ransom After Insider Breach Exposes 2,000 Accounts
Two thousand Kraken clients face the risk of their private data being leaked on social media. The exposure occurred after two support employees were recruited by a cybercrime group to gain improper access to internal systems. These employees recorded videos of internal systems containing client support data for 2,000 accounts, or 0.02% of the user base. Kraken revoked employee access and strengthened controls following a tip in February 2025. A criminal group subsequently threatened to release the videos to media outlets and social media unless payment was made. Kraken refused to pay or negotiate with the ransom demands. A criminal investigation is underway to identify and arrest the responsible individuals. 2,000 clients face the risk of their private data being leaked on social media.
As a condition of the bailout, Drift Protocol will replace Circle's USDC with Tether's USDT as its primary settlement asset. This shift brings more than 128,000 users and 35 ecosystem partners onto USDT-based trading.
Related Brief 2d ago
defi regulation Non-custodial DeFi interfaces avoid broker-dealer registration costs
Users face fewer regulatory barriers to accessing decentralized trading services. This shift follows a staff statement from the SEC Division of Trading and Markets establishing an exemption for 'Covered User Interfaces.' These are software tools, including wallet apps and browser extensions, that convert user inputs into executable code for self-custodial wallets. To qualify, these interfaces must not hold user funds, control transactions, or route orders. Providers cannot receive transaction-based compensation, offer investment advice, or solicit specific trades using endorsements such as 'best price.' They must charge fixed neutral fees agnostic to products or venues. Required compliance includes providing disclosures of conflicts and cybersecurity measures and objectively vetting connected trading systems for liquidity and security. Developers of non-custodial, permissionless interfaces can now operate without the cost and complexity of broker-dealer registration. This non-binding interim measure is effective for five years unless withdrawn.
The recovery follows an April 1 exploit in which North Korean state-affiliated hackers drained $295.7 million in assets. The attackers had infiltrated the platform for six months by posing as a quantitative trading firm. After seizing governance control through pre-signed administrative transactions, the hackers moved $232 million in stolen USDC from Solana to Ethereum via Circle's Cross-Chain Transfer Protocol over an eight-hour window.
Related Brief 5h ago
crypto security Drift’s $148 Million Rescue Deal Puts User Repayments on a Revenue-Linked Clock
A portion of Drift’s future revenue will be directed to a special pool to compensate users who lost funds in a $295 million hack. The Solana-based protocol, reeling from the breach, secured $148 million from Tether and other partners to stabilize operations and fund recovery. That sum includes a $100 million revenue-linked credit facility, ecosystem grants, and loans to market makers. Unlike direct reimbursement, the payout to victims hinges on the protocol generating enough income to fill the compensation pool over time. Affected users will receive a special token certifying their claim rights, though the exact redemption mechanics are still pending. Drift will relaunch with USDT as its base settlement layer, shifting from USDC after criticism that Circle failed to freeze stolen funds—attackers withdrew over $60 million in USDC. The new architecture will feature a community-managed multisignature system, time locks for administrative actions, and real-time alerts, with all components audited by Ottersec and Asymmetric. The DRIFT token surged more than 21% to $0.05 on the news. Drift aims to fully cover user losses as revenue grows, but victims’ recovery now depends on the protocol’s commercial success.
Circle did not freeze the stolen funds during the transfer. In response, Drift Protocol investors filed a class action lawsuit in Massachusetts, alleging Circle failed to intervene despite having the technical ability to do so. Circle CEO Jeremy Allaire stated the company only freezes assets under the direction of law enforcement or court orders, calling unilateral action a "moral quandary."
Related Brief Just now
cryptocurrency regulation Payward spends $550 million to buy the only vertically integrated crypto derivatives stack in the U.S.
U.S. clients of Kraken and NinjaTrader will gain access to CFTC-regulated spot margin, perpetual futures, and options. This access follows a definitive agreement by Payward, the parent company of Kraken, to acquire Bitnomial for up to $550 million in cash and stock. Bitnomial is the first crypto-native platform in the U.S. to hold the three licenses required to operate a vertically integrated derivatives business: a designated contract market, a derivatives clearing organization, and a futures commission merchant. These licenses provide the exchange, clearinghouse, and brokerage framework necessary to run a full-stack business. Payward Co-CEO Arjun Sethi stated that the U.S. lacks clearing infrastructure built for digital assets and that Bitnomial's capabilities cannot be "retrofitted onto legacy systems." By acquiring these licenses, Payward bypasses the years of regulatory engagement and operational planning required to build the stack independently. The deal also expands Payward Services, the company's B2B infrastructure arm, allowing banks, fintechs, and brokerages to integrate regulated U.S. derivatives through a single API integration. The transaction values Payward's equity at $20 billion.
Drift will relaunch after independent audits by OtterSec and Asymmetric Research. The terminal goal is to make users whole over time through the recovery pool.
Related Brief 1d ago
regulation Stablecoin issuers must block sanctioned wallets in secondary markets—or face liability
Permitted payment stablecoin issuers must now actively prevent sanctioned individuals—from comprehensively restricted jurisdictions or on official watchlists—from using their tokens in secondary markets, including in peer-to-peer transfers between unhosted wallets. If they fail to do so, they risk liability for sanctions violations, even if they aren’t directly involved in the transactions. This obligation is part of a proposed rule issued on April 8, 2026, by FinCEN and OFAC under the GENIUS Act, which sets out the regulatory framework for stablecoin issuers before the full regime takes effect in January 2027. While issuers won’t be required to continuously monitor secondary market activity or file suspicious activity reports on it, they must maintain the technical ability to freeze or block funds when law enforcement issues an order. More significantly, they must proactively stop sanctioned parties from transacting at all. The rule treats partnerships between issuers and exchanges as correspondent accounts under Section 311 of the USA PATRIOT Act, subjecting them to heightened oversight. Issuers will also need to conduct risk assessments of their stablecoin’s technical design—especially smart contract functions like freezing balances—and update those assessments whenever they alter the code or expand to new blockchains. In primary markets, where issuers directly handle issuance or redemption, full transaction monitoring and SAR filings remain mandatory. But in secondary markets, where transactions occur without issuer involvement, the focus shifts from surveillance to prevention. To meet this standard, the Treasury encourages the use of blockchain analytics tools that can automatically flag and block sanctioned wallets at the protocol level. Elliptic, which analyzed the proposal, notes that these capabilities are no longer optional—they are essential for compliant operation in the US market.
The Ledger Morning The essential intelligence to start your trading day. Delivered 6:00 AM EST.
Join 50,000+ professionals who start their day with The Digital Ledger.
