Hacker Drains $27.3M from Multi-Signature Wallet

A sophisticated attacker has stolen $27.3 million from a whale's multi-signature wallet, highlighting ongoing security vulnerabilities in self-custody solutions. The breach resulted in the loss of multiple asset types, including approximately $2 million in liquid assets and control over a significant leveraged trading position. The core of the theft involved bypassing the wallet's multi-signature security, a setup typically used to enhance protection by requiring multiple approvals for transactions.

Attacker Laundered $12.6M via TornadoCash

Following the initial breach, the hacker began obfuscating the trail of the stolen funds. They laundered $12.6 million, equivalent to 4,100 ETH, through the decentralized crypto mixer TornadoCash. In addition to the laundered funds, the attacker gained control of the victim’s account on the Aave lending protocol. This position consisted of a $25 million leveraged long on ETH, collateralized against a borrowed $12.3 million in DAI stablecoin, exposing the victim to further potential liquidation losses.