A crypto whale lost nearly $38 million after an attacker emptied a multisig wallet following a private key compromise.
A crypto whale has lost about $38 million after an attacker took control of a multisig wallet earlier today and quietly drained its funds.
The case is attracting a lot of attention because the attacker not only moved assets through Tornado Cash, but also retained control of a leveraged DeFi position linked to the compromised wallet.
Multisig cleared after private key compromise
Blockchain security company PeckShield reported on Follow-up on-chain tracking showed that the total damage was closer to $38 million once related portfolios and positions were included.
According to PeckShield, the attacker has already sent 4,100 ETH worth approximately $12.6 million via Tornado Cash in an apparent attempt to cover up the trail. About $2 million in liquid assets remains. What is more worrying is that the attacker still controls the address of the victim, who has a long position on Aave. Data from the chain shows that approximately $25 million worth of ETH is being provided as collateral, compared to more than $12 million in borrowed DAI.
On-chain analyst Spectre shared a detailed timeline on However, this setup defeated the primary purpose of a multisig, which was to require multiple independent approvals.
Less than 40 minutes after funds were transferred to it, the wallet saw a massive outflow that depleted all of its tokens. Around the same time, the signer was switched to an address controlled by the attacker.
Specter said the most likely explanation is that the private key was leaked during installation or that the victim had to rely on a malicious third party for help in creating the wallet. A later post, quoting researcher Tanuki42, suggested that the attacker may have created the multisig themselves, leaving the victim visible both during and after installation.
You might also like:
A common pattern in crypto security flaws
The incident fits into a broader pattern of private key theft and social engineering that continues to plague the crypto sector. In a December 15 report, the cybersecurity group Security Alliance warned that North Korea-linked hackers are making fake Zoom and Teams calls every day to plant malware and steal private keys, a method associated with hundreds of millions of dollars in losses.
Binance founder Changpeng Zhao issued a similar warning in September. He said attackers are increasingly focusing on human trust rather than smart contract bugs, often posing as helpers, job applicants or meeting organizers.
The chain’s history shows that the whale had been active for months before the hack. On May 7, Onchain Lens reported that the same address had withdrawn over 2,500 ETH from OKX and staked funds through Kiln Finance, steadily building a large ETH position.
For now, the attacker’s continued control of the Aave position adds another layer of risk. If markets move sharply, forced liquidations can magnify losses, turning an already costly breach into an even harsher lesson in multisig security and private key handling.
SECRET PARTNERSHIP BONUS for CryptoPotato readers: Use this link to register and unlock $1,500 in exclusive BingX Exchange rewards (limited time offer).
#Crypto #Whale #loses #million #multisig #exploit