ChainCatcher report: SlowMist published an analysis of the Drift hack, stating that one week before the attack, Drift changed its multisig setup to a “2/5” configuration (one old signer + four new signers) without implementing a timelock. The attacker subsequently gained administrative privileges, forged CVT tokens, manipulated oracles, disabled security mechanisms, and transferred high-value assets from the vault. Currently, the stolen funds have been primarily consolidated into Ethereum addresses, totaling approximately 105,969 ETH (around $226 million). SlowMist noted that the movement of these funds is still being actively tracked.
Drift Hacked Following Multisig Change and Admin Privilege Leak
ChaincatcherShare
Summary
A security breach at Drift occurred after the project changed its multisig setup to '2/5' without a timelock. Attackers gained admin privileges, forged CVT tokens, manipulated oracles, and drained approximately 105,969 ETH ($226 million) from the pool. The stolen funds are now in a single Ethereum address. SlowMist is tracking the Ethereum transaction flow, but the full trail remains under investigation.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.