Tether has never been shy about playing offense. And in the wake of one of the worst hacks to hit Solana's DeFi ecosystem, the world's largest stablecoin issuer saw an opening, and took it.

 

On April 16, Tether announced a recovery package worth up to $127.5 million for Drift Protocol, the Solana-based perpetual futures exchange that was drained of roughly $285 million on April 1 in a sophisticated hack attributed to North Korean operatives. Combined with $20 million pledged by other partners, the total rescue fund comes to nearly $150 million. But the dollar figure is almost secondary to what Tether actually got in return.

 

The Real Prize: Kicking USDC Off Solana's Biggest Perp DEX

As part of the deal, Drift will swap out Circle's USDC for Tether's USDT as its core settlement asset. That means 128,000 users and more than 35 ecosystem teams, including Gauntlet, Neutral, and M1, all migrate to a USDT-based trading environment. On a network where USDC has historically dominated, this is huge play.

 

On Solana, Circle's USDC carries a market cap of around $8.1 billion, compared to Tether's $3.05 billion. That's a more than 2.6-to-1 advantage for Circle on the chain. In global terms, the picture is reversed: USDT's circulating supply tops $185 billion versus roughly $79 billion for USDC. Tether has always dominated the overall stablecoin market; it just hasn't had much luck on Solana. Until now, maybe.

 

Paolo Ardoino, Tether's CEO, framed the intervention in fairly lofty terms. "Tether's role in the digital assets ecosystem is to provide a platform for individuals and institutions alike that is ready to step forward to help the industry in the moment of darkness," he said in a statement.

 

That said, analysts aren't exactly reading this as pure altruism. As one observer put it, the Drift exploit was, for Tether, an "operational window" to buy market share at a moment of maximum vulnerability. The funding structure itself reinforces this reading: repayments to affected users are tied to future trading activity on the relaunched platform, meaning Tether's money goes further the more Drift succeeds as a USDT venue.

 

Circle Gets the Blame, Tether Gets the Spoils

Tether saw the opening and definitely took it. Circle finds itself under intense scrutiny in the days following the Drift hack, after attackers transferred more than $230 million in USDC from Solana to Ethereum using Circle's own cross-chain transfer protocol. Critics, including on-chain investigator ZachXBT, pointed out that Circle had a window of at least six hours to blacklist the relevant wallets and freeze the funds, and did nothing.

 

Circle CEO Jeremy Allaire later defended the company's position, saying that USDC wallets are only frozen when directed by law enforcement or courts, not unilaterally during active hacks. The argument tracks with Circle's broader regulatory strategy, which prioritizes institutional alignment and compliance above all else. Whether that's the right call is debatable. What's less debatable is that a class action lawsuit has reportedly been filed against Circle in the aftermath, alleging the firm knowingly allowed attackers linked to North Korea to offload stolen funds through its own infrastructure.

 

Tether, by contrast, has a long history of freezing funds tied to hacks and illicit activity quickly, often without waiting for court orders. That operational difference has real consequences for platforms that care about protecting users when things go wrong.

 

How Drift Gets Back on Its Feet

The April 1 attack was a serious one. Blockchain analytics firm Chainalysis estimates losses at approximately $285 million. According to Drift's own postmortem, the attackers used a combination of social engineering and a technical method known as "durable-nonce pre-signing" to obtain privileged administrative access, a scheme that reportedly began at least six months before the exploit was executed. From there, the attackers deposited worthless CVT tokens as fake collateral, then withdrew real USDC, SOL, and ETH.

 

Drift's TVL, which was above $550 million before the attack, has since fallen to around $242 million. The protocol's recovery framework targets $295.7 million in outstanding user losses, a figure that actually exceeds its current TVL. To bridge that gap, the plan leans on future trading fee revenue flowing into a dedicated recovery pool. Users will also receive a separate recovery token representing their claim on that pool, transferable and distinct from the DRIFT governance token.

 

The market responded well to the announcement: DRIFT token surged roughly 22%, climbing from $0.045 to $0.055 on the day, after having fallen as much as 30% in the immediate aftermath of the exploit.

 

A Stablecoin War Fought One Bailout at a Time

The Drift deal lands at a time when competition in the stablecoin market is genuinely heating up. USDC has made real headway in institutional and DeFi use cases over the past couple of years, partly by positioning itself as the "clean" option for regulated environments. Circle's IPO plans have only reinforced that narrative.

 

Tether still holds a commanding global lead, but the gap in on-chain activity has been narrowing. Coindesk data shows USDC transaction volumes outpaced USDT's in recent months, and Circle's market share has been expanding. This makes Solana, where USDC has been strongest, a particularly important front in what is increasingly looking like a full-scale stablecoin war.

 

Whether the Drift bailout actually converts into lasting USDT dominance on Solana remains to be seen. Relaunch is contingent on Drift completing two independent security audits, and rebuilding trust with users after a $285 million heist takes more than a well-funded recovery plan. But Tether, at least for now, holds a key piece of Solana's DeFi architecture. And it didn't exactly have to do much begging to get it.

 

The Solana Foundation, in collaboration with blockchain security firm Asymetric Research, has launched new security initiatives aimed at strengthening the security of the Solana network.

 

In a blog post on Monday, the foundation announced the launch of new security initiatives designed to provide an extra layer of protection for protocols built on the network. Among these initiatives are STRIDE, a security framework, and SIRN, a network of security firms focused on protecting the Solana ecosystem.

 

 

The STRIDE Framework 

STRIDE, which stands for Solana Trust, Resilience and Infrastructure for DeFi Enterprises, is a structured security framework and program launched by the Solana Foundation. It is aimed at evaluating, monitoring, and escalating security across all projects built on the Solana network.

 

The STRIDE framework is built on eight key pillars: program security, governance and access control, oracle and dependency risk, infrastructure security, supply chain security, operational security, monitoring and incident response, and log management and forensics.

 

These pillars will be used by the foundation’s partner, Asymmetric Research, to evaluate the security strength of all protocols on the Solana blockchain. Protocols with a total value locked of more than $10 million that pass the STRIDE evaluation will receive continuous operational security and active threat monitoring, funded by Solana Foundation grants. The higher the evaluation result, the greater the level of protection and funding they will receive.

 

Protocols with a total value locked of more than $100 million that pass the STRIDE evaluation will also receive, in addition to grants, formal fund verification. The foundation describes this as a mathematical, proof based method that exhaustively guarantees the correctness of smart contracts.

 

The findings of the STRIDE framework will be published publicly. According to the foundation, this is intended to give users and investors insight into the protocols they use and rely on.

 

SIRN: A Network of Security Firms

Among the initiatives launched by the Solana Foundation is SIRN, short for Solana Incident Response Network, a network of security firms that will respond and act in the event of a security incident.

 

Although SIRN will be available to all blockchain protocols on the Solana network, priority will be given to protocols with higher total value locked, similar to the additional benefits that protocols with higher total value locked will receive under the STRIDE program.

 

Interested in knowing who makes up SIRN?

 

The Solana Incident Response Network comprises Asymmetric Research, OtterSec, Neodyme, Squads, and ZeroShadow, a combination of cybersecurity firms that includes Web3 and traditional security firms as well as a smart contract auditing firm.

 

Increase in DeFi attacks

The programming initiatives launched by the Solana Foundation are in response to the over $280 million attack on Drift Protocol, the largest decentralized perpetual exchange on the Solana blockchain. The attack is, so far, the most devastating DeFi attack this year and the second largest in the history of the Solana blockchain, following the 2022 Wormhole attack, which resulted in losses exceeding $325 million.

 

Step Finance, a DeFi aggregator built on Solana, was also affected by a DeFi hack earlier this year, which led to losses of about $40 million. According to DeFiLlama, over $168 million was stolen across 34 blockchain protocols in the first quarter of this year, prior to the Drift incident.