SlowMist: The multi-signature mechanism was modified more than a week before the Drift theft, followed by an administrator privilege leak.

MarsBitNews · 2026-04-02T02:16:12+00:00

SlowMist analyzed the Drift theft incident, pointing out that the compromised multi-signature mechanism and the absence of a time lock allowed the attacker to gain administrative access, forge tokens, and manipulate the oracle, ultimately stealing approximately $226 million worth of assets. The flow of funds is still being tracked.

MarsBitNews

2026-04-02 02:16:12

Abstract generation in progress

Mars Finance reported that on April 2, SlowMist posted an analysis of the Drift theft incident. It pointed out that one week before the attack, Drift changed its multisig mechanism to “2/5” (1 old signer + 4 new signers) and did not set a timelock. The attacker then obtained administrator privileges, forged CVT tokens, manipulated the oracle, disabled security mechanisms, and transferred high-value assets from the fund pool. At present, the stolen funds have mainly been consolidated to Ethereum addresses, totaling about 105,969 ETH (about $226 million). SlowMist said that the related fund flows are still being actively tracked.

DRIFT-40.31%

ETH-3.93%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.