A recent whale multisig wallet breach has now led to a $27 million crypto loss and exposed deeper risks tied to live DeFi positions.
A whale multisig wallet was breached this week, shaking confidence across the market.
Blockchain security firm PeckShield tracked the hack and shared details as funds began to move on-chain.
The case goes beyond a simple theft, as the attacker’s control over active lending positions has turned the breach into a more serious threat.
Whale Multisig Wallet Breach Unfolds On-Chain
PeckShield raised the alarm early Thursday. The firm reported that a whale multisig wallet lost about $27.3 million after a private key compromise.
Once the attacker gained signing power, the wallet stopped acting as a shared security setup.
This is important because multisig wallets rely on multiple approvals before moving funds. However, that model fails if an attacker meets the signing rules. PeckShield explained that the attacker gained the ability to act freely, and funds moved out quickly as soon as they got in.
On-chain data shows the drainer split the stolen assets and sent several transfers out via Tornado cash. The level of speed indicates that the attacker planned the move, rather than making a rushed grab.
Several transfers went out in short intervals. The speed suggests planning rather than a rushed grab.
How the Attacker Laundered the Funds
The attacker moved a large share of the stolen crypto through Tornado Cash. PeckShield tracked about $12.6 million routed through the mixer, which was worth 4,100 ETH.
Tornado Cash was used because it breaks the links between sender and receiver, making it harder to track thefts. Because of this, hackers often use it to blur transaction history.
Another notable aspect of this hack is that PeckShield noted a clear pattern. Funds moved in round lots, and each transfer followed a similar size. Analysts so far, are saying that this behaviour resembles methodical laundering.
Roughly $2 million still sits in liquid assets, and these funds are easy to move or swap. This being said, observers expect the attacker to perform further activity soon.
Related Reading: Coinbase Hacker Moves $24M (5,514 ETH) Through Tornado Cash, Slowly Draining Funds
Control of Aave Position Raises Stakes
The whale multisig wallet breach did more than drain cash. The attacker now controls a live leveraged position on Aave and PeckShield flagged this detail as a serious concern.
The wallet supplied about $25 million worth of ETH as collateral. Against that, it borrowed roughly $12.3 million in DAI. This setup shows that the atacker is bullish on ETH.
As of writing, the attacker has the power to withdraw collateral, repay or reroute borrowed funds or even wait and act later (which they are currently doing).
This being said, if ETH collateral floods the market, prices may feel pressure and ETH may tank.
Source: https://www.livebitcoinnews.com/another-whale-falls-27m-drained-12m-laundered-through-tornado-cash-and-the-drainer-still-holds-the-keys/
