SlowMist: Drift Breach Tied to Multisig Reconfiguration and Admin Access Compromise

According to Huo Xing Cai Jing, blockchain security firm SlowMist on April 2 released a post-mortem on the Drift exploit. SlowMist said Drift changed its multisig to a "2/5" setup—one legacy signer plus four new signers—about a week before the incident, and did so without adding a timelock. SlowMist said the attacker later obtained administrative privileges, minted counterfeit CVT tokens, manipulated oracle feeds, disabled security protections, and drained high-value assets from the vault. The stolen funds have largely been consolidated into Ethereum addresses, totaling about 105,969 ETH (roughly $226 million). SlowMist said it continues to actively track the funds' movements.