Analysis of the Drift exploit status by contract audit firm oshield: 1. There appears to be evidence that someone within the Drift multisig updated the Drift state account to change the admin. 2. It appears that one of the multisig members approved that change. 3. The current admin is the attacker's account. 4. The attacker used the corresponding key to initialize the spot market vault for CVT. According to oshield, CVT is a fraudulent token with an inflated price. 5. Subsequently, CVT was deposited, and actual tokens were withdrawn using Drift's cross-margin and swap functions. 6. According to oshield's latest analysis, a program upgrade is currently underway to regain admin privileges. It's unfortunate... I've seen this team frequently at events, and I thought they were a project diligently building momentum... I sincerely hope they can recover well in some way. x.com/SolanaFloor/status/20394...