SlowMist: Drift's multi-signature mechanism was modified a week before the theft, followed by an admin key leak

BlockBeats News, April 2nd, SlowMist's analysis of the Drift hack incident pointed out that a week before the attack, Drift adjusted its multi-signature mechanism to "2/5" (1 old signer + 4 new signers) and did not set a timelock. The attacker subsequently gained administrative privileges, minted fake CVT tokens, manipulated the oracle, disabled security mechanisms, and transferred high-value assets from the liquidity pool.

Currently, the stolen funds have mainly been consolidated into an Ethereum address, totaling approximately 105,969 ETH (about $226 million). SlowMist stated that the whereabouts of the related funds are still being traced.