I am writing as an unaffected Drift Protocol user with X SOL staked in the lending protocol, assets that were explicitly not stolen, not compromised, and remain intact according to Drift’s own recovery update of April 16, 2026.
What Drift’s own update confirms:
The Insurance Fund was not compromised. All Insurance Fund depositors’ assets remain intact and will be available upon relaunch. But then Drift proposes subjecting those untouched assets to a DAO governance vote, deciding whether they are returned to depositors or rolled into the general recovery pool. This is not a governance question. This is a question of property rights.
The Legal Framework: MiCA (Regulation EU 2023/1114)
MiCA has been fully applicable since December 30, 2024 and binds any platform actively serving EU users, regardless of where it is incorporated. The relevant provisions:
Article 70 requires CASPs to “make adequate arrangements to safeguard the ownership rights of clients, especially in the event of insolvency.” My ownership rights are not contingent on a DAO vote. Allowing token holders to decide whether my assets are redistributed to others is not safeguarding ownership rights. It is the opposite.
Article 75 requires that assets held in custody on behalf of clients must be returnable to those clients. There is no carve-out for governance votes. The custody agreement I entered into with Drift did not include a clause permitting my assets to be redirected to cover third-party losses.
Article 72 requires CASPs to identify and mitigate conflicts of interest. Using a DAO vote where DRIFT token holders decide the fate of lending protocol depositors is a textbook conflict of interest. Token holders benefit from a larger recovery pool at the direct expense of depositors.
Article 75(4) requires explicit client consent for any use of assets, not a non-negotiated standard form contract. I have never given explicit consent for my staked assets to cover losses of third parties. A governance vote is not a substitute for individual consent.
What I am asking for:
- All lending protocol deposits must be returned in full upon relaunch, unconditionally and without any DAO vote applying to them.
- Drift must publish a clear legal opinion on its obligations under MiCA Articles 70 and 75 with respect to lending protocol depositors specifically.
- If Drift believes it can legally redirect these assets via governance vote, it must explain publicly how that is compatible with MiCA’s safeguarding and consent requirements.
The hack was the result of an operational and human security failure on Drift’s part. That cost should not be transferred to users whose funds were never touched. I reserve the right to escalate this to the AFM (Autoriteit Financiele Markten) and ESMA, and to seek legal counsel if Drift proceeds with any vote that imposes losses on unaffected lending protocol depositors without explicit individual consent.