Attacker takes over multisig minutes after creation, drains up to $40M slowly

Forensic analysis suggests an attacker took control of a whale’s multisig wallet minutes after creation and has been slowly draining funds since.

A crypto attacker apparently took over a whale’s multisig wallet minutes after it was created 44 days ago, and has been draining and laundering funds in stages since.

In a Thursday post on X, blockchain security firm PeckShield reported that a whale’s multisig wallet had been drained of roughly $27.3 million due to a private key compromise. PeckShield noted that the attacker has laundered about $12.6 million, or 4,100 Ether (ETH), through Tornado Cash and retained around $2 million in liquid assets, while also controlling a leveraged long position on Aave (AAVE).

However, new findings from Yehor Rudytsia, head of forensic at Hacken Extractor, indicate the total losses may exceed $40 million and that the incident likely began much earlier, with first signs of theft dating back as far as Nov. 4.

Read more