- Trending
- Comments
- Latest
A crypto whale has lost $27 million after attackers compromised a multisignature wallet key—and the hackers now control an additional $25 million in active collateral on Aave, creating ongoing liquidation risk for one of DeFi’s largest lending protocols.
The breach, disclosed Thursday by blockchain security firm PeckShield, demonstrates how supposedly secure multisig setups can collapse when a single key is exposed, with attackers already laundering $12.6 million through Tornado Cash while maintaining control over the victim’s leveraged positions.
Blockchain data reviewed by PeckShield shows the attacker moving funds in structured, repeated batches to Tornado Cash, a pattern analysts typically associate with deliberate laundering rather than a hurried exit.
Once funds pass through such mixers, tracing and recovery become significantly more difficult, even when the theft is publicly identified within hours.
“On-chain traces indicate repeated outflows to Tornado Cash in round lots,” PeckShield noted, pointing to a systematic effort to sever links between the stolen funds and their source.
While law enforcement agencies have, in rare cases, recovered assets after high-profile hacks, the use of privacy tools sharply reduces those odds.
For investors watching from the sidelines, the takeaway is less about this specific wallet and more about the broader risk environment: once funds are mixed, practical recovery often depends on off-chain intelligence or mistakes by the attacker, not purely on blockchain transparency.
The episode also underscores how attackers increasingly move quickly from theft to laundering, compressing the response window for victims and exchanges that might otherwise flag or freeze assets.
Beyond the immediate loss, the breach carries a more complex and potentially destabilizing risk. PeckShield said the attacker now controls the compromised multisig wallet itself, which still manages an active leveraged position on Aave, one of decentralized finance’s largest lending protocols.
According to the security firm, the wallet holds roughly $25 million in ether supplied as collateral against about $12.3 million in borrowed DAI. That means the attacker is not just holding stolen assets, but effectively has the keys to a live DeFi position that can be altered, unwound, or manipulated at will.
“The attacker now controls the victim’s multisig, including a $25 million ETH-backed leveraged position on Aave,” PeckShield said, warning that the risk extends well beyond the initial drain.
This detail is critical for crypto investors because DeFi wallets often function as operational hubs, not static vaults.
Once an attacker gains signing authority, they can pull collateral, adjust borrow levels, or push positions toward liquidation. Such actions could crystallize additional losses for the victim and, in extreme cases, add stress to the underlying protocol if large positions unwind abruptly.
The hack highlights a second-order risk that is becoming more visible as whales and funds rely heavily on DeFi: wallets are no longer just storage tools, but control planes for complex financial strategies.
A compromised key does not simply unlock funds; it can trigger cascading effects across lending, borrowing, and liquidity positions.
Multisig setups are designed to reduce single-key risk, but they depend on secure key storage, careful approval processes, and protection against phishing, malware, SIM swaps, and malicious transaction prompts. If an attacker gains enough approvals or compromises enough keys, the protections effectively vanish.
As decentralized finance matures, incidents like this are likely to draw closer scrutiny from security firms, institutional players, and regulators alike.
For now, the $27 million breach serves as a cautionary tale not about whether multisig wallets work, but about how fragile even “hardened” systems can become when key management fails.
Copyright © 2025 - The Bit Gazette.
