PeckShield has reported the theft of $27.3 million from a whale’s multisig wallet.
Cybercriminals have struck a whale’s multisig wallet, resulting in a significant loss of funds. Blockchain security platform PeckShield reported on X that the attack led to the theft of $27.3 million from a single wallet.
The theft occurred in multiple stages. The compromised wallet had been created and funded only around 44 days prior to the attack.
Drainer Seized Control of Multisig Six Hours After Creation
According to PeckShield, the $27.3 million drain from the whale’s multisig wallet was due to a private key compromise.
The attacker has wasted no time in laundering the asset via a crypto mixer, with only about $2 million remaining in liquid assets.
The drainer utilized Tornado Cash to launder 4,100 ETH ETH $2 062 24h volatility: 0.5% Market cap: $248.90 B Vol. 24h: $18.16 B , equivalent to $12.6 million per the current market price.
#PeckShieldAlert A whale's Multisig was drained of ~$27.3M due to a private key compromise.
The drainer has laundered $12.6M (4,100 $ETH) via #TornadoCash and retains ~$2M in liquid assets.
The drainer also controls the victim's multisig, which maintains a leveraged long… pic.twitter.com/1Ulk4X7bkl
— PeckShieldAlert (@PeckShieldAlert) December 18, 2025
It appears that the bad actor is still controlling the victim’s multisig. This wallet maintains a leveraged long position on Aave AAVE $110.8 24h volatility: 1.4% Market cap: $1.68 B Vol. 24h: $249.28 M .
Yehor Rudytsia, Head of Forensic at Hacken Extractor, also investigated the incident and shared his findings.
The total losses may be more than $40 million. He also claimed that the incident likely began much earlier.
Rudytsia pointed to first signs of theft dating as far back as November 4, while clarifying that the “compromised” wallet may never have been under the control of the victim.
There are screenshots showing that ownership was transferred to the attacker just six minutes after the victim’s account created the multisig on Nov. 4 at 7:46 am UTC.
“Very likely the theft actor created this multisig and transferred funds there, then promptly swapped the owner to be himself,” Rudytsia said.
Bybit Hacker Launders Stolen Ethereum
Meanwhile, crypto mixers like Tornado Cash have become the best ally of most crypto criminals.
Once they secure their loot, they utilize this crypto tool to hide the source and make it difficult for them to ever be recovered.
When Lazarus Group siphoned funds from Bybit, it initiated laundering just a few days after.
It started with laundering 100,000 ETH, which was worth about $250 million. Within three days of the attack, it had moved over $605 million in Ethereum.
By the first week in March, it had laundered all 499,000 stolen ETH leveraging crypto mixers and DEXs.
next