Crypto Whale Loses $38M in Multisig Exploit

A cryptocurrency whale lost nearly $38 million when an attacker drained a multi-signature wallet after compromising the private key.

The cryptocurrency whale lost nearly $38 million after an attacker took control of a multi-signature wallet and quietly drained its funds earlier today.

This case is receiving close attention because the attacker not only transferred assets through Tornado Cash, but also retained control of the leveraged DeFi position associated with the compromised wallet.

Multisig drained after private key was hacked

Blockchain security company PeckShield reported the incident. On-chain follow-up showed that total damages rose to nearly $38 million once the relevant wallets and positions were included.

According to PeckShield, the attacker sent 4,100 ETH, worth around $12.6 million, through Tornado Cash in an apparent attempt to cover the trail. About $2 million remains in liquid assets. Even more worrying, the attacker still controls the victim’s address, which holds a long position on Aave, with on-chain data showing about $25 million worth of ETH supplied as collateral against more than $12 million in borrowed DAI.

The on-chain analyst Specter posted a detailed timeline. However, this setup defeated the primary purpose of a multisig, which is to require multiple independent approvals.

Less than 40 minutes after the funds were transferred to it, the wallet experienced a massive outflow that depleted all tokens. Around the same time, the position was switched to an attacker-controlled address.

The most likely explanation is that the private key was leaked during setup or that the victim relied on a malicious third party to help create the wallet, Specter said. A later post, citing researcher tanuki42, suggested that the attacker may have set up the multisig himself, leaving the victim exposed during and after setup.

A familiar pattern in crypto security failures

This incident fits into a broader pattern of private key theft and social engineering that continues to plague the cryptocurrency sector. In a report dated December 15, the cybersecurity group Security Alliance warned that North Korea-linked hackers are making fake Zoom and Teams calls daily to plant malware and steal private keys, a method linked to hundreds of millions of dollars in losses.

Binance founder Changpeng Zhao issued a similar warning in September, saying attackers were increasingly targeting human trust rather than defects in smart contracts, often pretending to be assistants, job candidates, or meeting hosts.

On-chain data shows that the whale was active for several months before the breach. On May 7, Onchain Lens reported that the same address had withdrawn over 2,500 ETH from OKX and funds held via Kiln Finance, steadily building up a large ETH position.

Currently, the attacker’s continued control of the Aave position adds another layer of risk. If markets move sharply, forced liquidations could exacerbate losses, turning an already costly hack into an even harsher lesson in multisig security and private key handling.
