Whale Multisig Breached After Private Key Compromise Drains $27M
Shalini is a crypto reporter who provides in-depth reports on daily developments and regulatory shifts in the cryptocurrency sector.
- Bitcoin Logs $3.2B In Loss-Taking Wave, Beating Luna And FTX-Era Shock Levels
- Asia Market Open: Bitcoin Plunge to $64K Rattles Risk Assets as Tech Slump Ripples Through Asia
- Trump-Linked World Liberty Financial Draws House Scrutiny After $500M UAE Stake Revealed
- Binance Says Assets Increased During Suspected Bank Run Attempt
- Asia Market Open: Bitcoin Tumbles To $72K As Asian Equities Track Global Tech Slump

A crypto whale has watched a supposedly hardened multisig wallet turn into a single point of failure, after a private key compromise let an attacker siphon about $27.3M and start washing funds on-chain.
PeckShield flagged the incident in an X alert, observing on Thursday that “a whale’s Multisig was drained of ~$27.3M due to a private key compromise.”
On-chain traces shared by the security firm show the drainer routing a large chunk of the haul through Tornado Cash, a privacy mixer often used to break transaction links.
PeckShield said the attacker had already laundered about $12.6M, roughly 4,100 ETH, and still held around $2M in liquid assets.
#PeckShieldAlert A whale's Multisig was drained of ~$27.3M due to a private key compromise.
— PeckShieldAlert (@PeckShieldAlert) December 18, 2025
The drainer has laundered $12.6M (4,100 $ETH) via #TornadoCash and retains ~$2M in liquid assets.
The drainer also controls the victim's multisig, which maintains a leveraged long… pic.twitter.com/1Ulk4X7bkl
Multisig Control Turns Active Aave Position Into Live Risk
The breach also came with a live tail risk. PeckShield said the attacker now controls the victim’s multisig, which still holds a leveraged long on Aave, with about $25M in ETH supplied against roughly $12.3M in DAI borrowed.
That detail matters because multisig setups do not automatically protect funds if an attacker can meet the signing threshold, or if the wallet’s governance is effectively captured through compromised keys and approvals.
Once the attacker can sign, they can move fast, pull liquidity, and make recovery attempts far harder.
Live Positions Turn Key Theft Into Cascading Risk
Data shows repeated outflows to Tornado Cash in round lots, the sort of pattern traders associate with systematic laundering rather than a one-off panic exit.
They also point to the attacker interacting with contracts tied to ownership and control, suggesting the compromise extended beyond a single transfer.
Teams can distribute signing keys and still lose them to phishing, malware, SIM swaps, unsafe backups, or rushed approvals on malicious transaction prompts.
It also points to a second-order risk specific to DeFi power users. The wallet is not just a vault but a control plane for live positions. Once an attacker gains access to collateral, borrow lines or health factors, the damage can cascade well beyond the initial drain.
- Perplexity AI Predicts XRP Will Hit This XRP Price by End of 2026
- Microsoft Copilot AI Predicts Insane XRP Price by End Of 2026
- Sam Altman ChatGPT AI Predicts Insane SpaceX Stock Price by End of 2026
- Google Gemini AI Predicts Shocking Bitcoin Price by End of 2026
- XRP Price Prediction: Key Metrics Point to a Crash
About Us
2M+
250+
8
70
Market Overview
- 7d
- 1m
- 1y
- Perplexity AI Predicts XRP Will Hit This XRP Price by End of 2026
- Microsoft Copilot AI Predicts Insane XRP Price by End Of 2026
- Sam Altman ChatGPT AI Predicts Insane SpaceX Stock Price by End of 2026
- Google Gemini AI Predicts Shocking Bitcoin Price by End of 2026
- XRP Price Prediction: Key Metrics Point to a Crash
More Articles
Get dialed in every Tuesday & Friday with quick updates on the world of crypto