Slow Fog: The multi-signature mechanism was modified more than a week before Drift was stolen, and then the administrator privileges were leaked

The analysis of the Drift theft incident by Slow Fog pointed out that a week before the attack, Drift adjusted its multi-signature mechanism to "2/5" (1 old signer + 4 new signers) and did not set a timelock. The attacker then gained administrator privileges, forged CVT tokens, manipulated the oracle, disabled security mechanisms, and transferred high-value assets from the liquidity pool.

Currently, the stolen funds have mainly been aggregated to an Ethereum address, totaling approximately 105,969 ETH (about 226 million USD). Slow Fog stated that the flow of related funds is still being tracked.