$27M DRAINED AS ATTACKERS EXPLOIT PRIVATE KEY IN MULTISIG WALLET

Crypto security firm PeckShield has reported a major breach of a whale’s multisig wallet, in which an attacker gained control after compromising a private key. The incident allowed the thief to drain approximately $27.3 million. That total includes a $25 million ETH-backed leveraged position on Aave, which significantly increases the overall risk exposure.

According to PeckShield’s alert on X, “A whale’s multisig was drained of ~$27.3M due to a private key compromise.” On-chain analysis revealed that the attacker initiated the laundering of a portion of the stolen funds through Tornado Cash, a privacy mixer commonly used to obscure transaction trails.

So far, roughly $12.6 million (around 4,100 ETH) has been laundered, while about $2 million remains in liquid assets under the attacker’s control. The incident highlights how even supposedly secure multisig wallets can become single points of failure when the security of their keys is compromised.

Multisig Breach Turns Active Aave Position Into Live Risk

The recent attack on a whale’s multisig wallet has created an ongoing exposure. According to PeckShield, the attacker now controls the wallet, which holds a leveraged long on Aave: roughly $25M in ETH supplied against $12.3M in DAI borrowed.

This highlights a critical point: multisig wallets do not automatically secure funds if the attacker can meet the signing threshold or gain control of the approval process. Once access is obtained, the attacker can move quickly, drain liquidity, and make recovery efforts significantly more difficult.
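The point above can be checked against a wallet's own custody layout. The following is an added example, not code from PeckShield or the original article: it computes the fewest storage locations that must be breached before the signing threshold is met. The signer names, location labels and 2-of-3 threshold are constructed assumptions.

```python
from itertools import combinations

# Constructed sample: a nominal 2-of-3 multisig. Each signer key lists every
# place a usable copy of it lives (hypothetical labels, not from the incident).
THRESHOLD = 2
KEY_LOCATIONS = {
    "signer_a": {"laptop_1", "cloud_backup"},
    "signer_b": {"laptop_1"},
    "signer_c": {"hardware_wallet_c"},
}


def keys_exposed(key_locations, breached):
    """Return the signer keys that have a copy in any breached location."""
    breached = set(breached)
    return {key for key, locs in key_locations.items() if locs & breached}


def min_compromises(key_locations, threshold):
    """Smallest set of locations whose breach exposes >= threshold keys.

    Searches location sets in increasing size, so the first hit is minimal.
    Returns (count, locations), or (None, ()) if the threshold is unreachable.
    """
    if threshold < 1:
        raise ValueError("threshold must be at least 1")
    locations = sorted(set().union(*key_locations.values()))
    for size in range(1, len(locations) + 1):
        for combo in combinations(locations, size):
            if len(keys_exposed(key_locations, combo)) >= threshold:
                return size, combo
    return None, ()


if __name__ == "__main__":
    count, where = min_compromises(KEY_LOCATIONS, THRESHOLD)
    print(f"nominal threshold: {THRESHOLD} of {len(KEY_LOCATIONS)} keys")
    print(f"effective threshold: {count} breach(es) via {where}")
    if count is not None and count < THRESHOLD:
        print("WARNING: fewer independent breaches than signatures required")
```

An effective threshold below the nominal one means the setup is weaker than its N-of-M label suggests, because two or more keys share a single storage location.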

Live Positions Amplify Threat From Key Theft

On-chain data shows repeated outflows to Tornado Cash, suggesting systematic laundering rather than a single panic transfer.

The attacker has also interacted with contracts tied to ownership and control, suggesting that the compromise may extend beyond a single transfer. This demonstrates that losing multisig keys can have cascading effects, especially when wallets act as a control hub for live positions in DeFi.

How Key Theft Escalates Risk in DeFi

Even with distributed signing keys, users remain vulnerable to phishing, malware, SIM swaps, unsafe backups, or accidental approvals of malicious transactions.

For DeFi power users, wallets often serve as more than storage—they control collateral, borrow lines, and position health factors. When an attacker gains access, the potential damage can extend far beyond the initial drained funds, creating cascading financial risks across platforms.

Conclusion

The $27.3M multisig wallet breach underscores the persistent risks in DeFi, even with supposedly secure setups. Once private keys are compromised, attackers can not only drain funds but also manipulate live positions, amplifying systemic risk. Users must remain vigilant with key security, multisig governance, and approval protocols, especially when wallets control leveraged positions or collateralized assets.

FAQs

Q: How much was stolen in the multisig wallet breach?

A: Approximately $27.3 million, including a $25 million ETH-backed leveraged Aave position.

Q: How did the attacker launder the funds?

A: The attacker routed funds through Tornado Cash, a privacy mixer, laundering about $12.6 million so far.

Q: Why is a multisig wallet vulnerable in this scenario?

A: If the attacker compromises enough keys to meet the signing threshold, they can control approvals and move funds despite the multisig setup.

Q: What makes this breach particularly risky for DeFi users?

A: The compromised wallet controlled live positions, collateral, and borrow lines, meaning the attack could trigger cascading losses beyond the initial theft.

Q: How can users protect multisig wallets from such breaches?

A: Use strong key security practices, avoid unsafe backups, remain vigilant against phishing, malware, and SIM swaps, and review approval prompts carefully.
