Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Launchpad
Be early to the next big token project
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
More
SlowMist restores Drift attack chain
The critical vulnerability was planted a week ago.
A week before the attack, Drift adjusted its multi-signature mechanism to "2/5" (1 old signer + 4 new signers) and did not set a timelock — no mandatory waiting period, allowing high-risk configuration changes to be executed immediately.
Subsequently, the attacker gained admin privileges, completing a full attack chain in one go:
Forge CVT tokens to bypass asset verification logic
Manipulate the oracle to distort on-chain pricing
Disable security mechanisms to remove asset withdrawal barriers
Systematically extract high-value assets from the liquidity pool
In the end, over 105,969 ETH (approximately $226 million) was stolen.
SlowMist founder Yu Xian pointed out that DeFi project teams should promptly review extreme risk scenarios following owner/admin private key compromise and improve alert and response mechanisms.
One sentence: Changing multi-signature setups without a timelock is like leaving the door open for attackers.
#Drift #DeFi #SlowMist