Insurance Fund Assets: Legal risks and Vote on resolution

Legal complications of asset seizure

1. The Limits of the DAO and Legal Liability The Insurance Fund Vault (IFV) was explicitly designed to “pay off liabilities when an account is bankrupt” and “backstop the respective asset-denominated liquidations”. It is a purpose-built liquidity pool, not a general treasury. A token-holder vote cannot legally authorize the misappropriation of these funds. Voting to repurpose the IFV to cover an exploit is a material breach of the parameters under which stakers provided liquidity, and a DAO vote does not absolve the team or multisig signers of this liability.

2. The Fallacy of “Universal Benefit” Drift’s Terms of Use shield the team from liability for steps taken for the “benefit of all Drift users”. However, seizing the IFV to compensate hacked users is a zero-sum transfer. It confiscates assets from one specific class of users (IFV stakers) exclusively to pay another. It is mathematically impossible to classify a targeted wealth transfer at the irrecoverable expense of other users as a universal benefit.

3. The Real Threat to Protocol Continuation Redistributing the IFV does not ensure the “continuation of Drift”. It actively threatens it. If the DAO sets a precedent of arbitrarily seizing isolated, purpose-staked funds to plug unrelated protocol deficits, Drift’s trust model is permanently broken. No rational actor will ever provide liquidity again if their capital can be confiscated by a governance vote to socialize someone else’s loss.

4. The Only Defensible Path Forward The team initially removed IFV funds for “safekeeping.” Temporarily extracting liquidity from an attacker is a legitimate step taken to protect users and ensure the protocol’s continuation. To maintain this legal defense, Drift must return the IFV, either by refundable dissolution, or to service in the same terms for the protocol’s re-launch. This honors the established smart contract parameters, restores the trading backstops, and prevents a catastrophic precedent of arbitrary asset seizure.

Resolving the Protocol’s Liability: Required Action

The Drift protocol is currently holding IFV assets outside of their designated smart contracts. While this was acceptable as a temporary emergency measure, leaving these funds in limbo or repurposing them exposes the protocol, the multisig signers, and the DAO to severe, ongoing legal liability for breach of contract.

The DAO possesses the authority to dictate the future operational structure of the protocol. It does not possess the authority to seize user deposits or overwrite the foundational agreements under which IFV liquidity was provided.

Therefore, to resolve the protocol’s current liability and legally transition the IFV out of its temporary safekeeping state, the community must vote to execute one of the following two legally compliant administrative actions:

• Action 1: Operational Reinstatement
  Return the IFV to service in the Drift protocol relaunch, retaining its exact original function, constraints, and terms to backstop trading bankruptcies.

• Action 2: Structural Dissolution
  Decommission the IFV and execute a direct, pro-rata refund of the vault’s assets to the stakers who held them prior to the exploit.

To protect the protocol from immediate arbitration and legal action, one of these two paths must be selected prior to relaunch. Any attempt to introduce an alternative action that redirects these specific funds to a general recovery pool is legally void and will be treated as a material breach.

Zero discussion, dead forum?

I agree that the user-attributable portion of the IF should be returned to IF depositors.

The IF was described as unaffected, and user IF stakers did not sign up to backstop this kind of exploit. Redirecting user-owned IF funds would be a bad precedent and would make it hard to trust or restake into the IF after relaunch.

That said, I do think the protocol-owned shares should be discussed separately. Those are not the same as user-owned IF deposits, and the split should be verifiable on-chain. From my rough accounting, Drift-protocol-owned shares look meaningful at 8M+ — for example, USDC IF around ~38.8% protocol-owned and USDC-1/JLP around ~41.8% protocol-owned.

So IMO the clean path is: return user-owned IF funds to depositors, publish the share accounting, and let governance discuss what to do with the protocol-owned portion separately.

I agree. If Drift expects the relaunch to have any credibility, the insurance capital needs to be released to its rightful owners.

Insurance fund stakers provided capital for a specific purpose. If the team or governance can redirect user-owned IF funds whenever there is a protocol shortfall outside the risk users signed up for, then Drift itself becomes harder/impossible to trust.

Drift should publish the on-chain accounting, return the user-attributable portion, and discuss any protocol-owned portion separately. That gives Drift a much more credible path to rebuild trust.

Agreed - For Drift to have any hope of continuing in the future the insurance fund must be returned to the original owners.

The whole concept of a DAO vote on taking the funds for the recovery fund is effectively an attempt at money laundering.

Anything other that a full return of funds would constitute wire fraud.

I support the view that Insurance Fund assets must either be returned to depositors pro-rata or reinstated under the original Insurance Fund mandate.

The key issue is not whether Drift needs a recovery pool. The issue is whether unaffected, purpose-specific user deposits can be retroactively repurposed to cover a completely different category of loss.

Insurance Fund depositors accepted a defined risk: trading-related bankruptcies, liquidations, borrower defaults, and AMM deficits. They did not deposit into a general protocol bailout fund, and they did not agree to underwrite exploit losses, multisig compromise, operational failure, or protocol-wide recovery obligations.

This distinction is especially important because Drift initially stated that the Insurance Fund was not affected and that depositors’ assets remained intact and would be available upon protocol relaunch. Only later did the framing change to: release of the funds depends on a governance vote, and the DAO may decide whether the funds are returned to depositors or added to the recovery pool.

That is a serious shift. A DAO vote should not be used to retroactively convert specific-purpose user deposits into recovery capital for unrelated losses. Governance can decide the future structure of the protocol, but it should not rewrite the terms under which existing IF depositors provided liquidity.

If the Insurance Fund can be redirected simply because it survived the exploit, then the precedent is damaging: any isolated or purpose-built vault can become a general bailout fund whenever governance finds it convenient.

The clean resolution is simple: either return the Insurance Fund pro-rata to depositors if the fund is decommissioned, or reinstate it under its original mandate if it remains part of the relaunched protocol. Redirecting it to the recovery pool would be a retroactive expansion of IF depositor risk and a major breach of trust.

I agree with most of what you said, but I don’t think reinstating on relaunch works for USDC since they will be settling in USDT.

Agree - voting away the IF would cause enormous reputational damage to the platform and EVERYONE would lose as a result.

Agreed. I strongly urge Drift to revert to their previous position regarding the Insurance Fund (IF). Changing the funds’ associated risk clauses without explicit user approval is not only illegal — it will also trigger severe backlash and irreparable damage to the platform. If Drift unilaterally alter the terms now (like they’re trying to do with the DIP-10 proposition): who would ever stake capital in the Insurance Vault again if they set this precedent? Once trust is broken at this level, it’s nearly impossible to rebuild. Users will no longer take your clauses seriously, civil lawsuits are almost certain, and the platform will attend its own funeral. The right decision here is still possible. Drift should honour the original terms, respect their users and comply with the law.

is DIP-10 related to Insurance fund at all? It seems to only talking about the borrow/lend pool.