$27M Hack Hits Whale Multisig Wallet, Funds Laundered

Key Highlights:

• $27.3 million worth of crypto stolen after attackers gained control of a whale’s multisig wallet.
• A chunk of this stolen crypto has been laundered through Tornado Cash.
• This hack highlights security limits of the multisig wallets.

PeckShield, a blockchain security company, posted on social media platform X today, December 18, 2025, and reported about a wealthy crypto investor’s wallet being hacked. According to the report, $27.3 million worth of crypto was stolen after the attacker managed to gain access to the wallet’s private key.

The wallet was a multisig wallet, which are considered to be very secure and they are widely used by large investors. However, this situation is a perfect example of how even the safest wallets can fail if the private keys are leaked.

PeckShield spotted the suspicious activity quickly, however by that time, the hacker had already moved funds to make them harder to trace. The attack highlights that when users control their own money, they are fully responsible for protecting their own keys and even a small mistake can lead to a huge loss.

Drainer’s Laundering Tactics and Remaining Holdings

Right after the attack, the attacker tried to hide the stolen money. PeckShield tracked about $12.6 million (which is around 4,100 ETH) that were being sent through Tornado Cash, a platform that mixes crypto in a way that it becomes hard to trace the origin. Tornado Cash is already under U.S. sanctions and is very commonly used by hackers to cover their tracks.

According to PeckShield, the hacker as of now still holds around $2 million in easily tradable crypto spread across different platforms. As their assets can be easily swapped or moved fast, experts expect the attacker to shift the funds soon, which could possibly be to other blockchains or more mixing services, making recovery even harder.

Control Over Victim’s Aave Leveraged Position

The situation is a little more complicated than it seems because the hacker is now controlling the victim’s entire multisig wallet and can freely manage its positions.

According to PeckShield, the wallet holds a high-risk leveraged bet on Ethereum (ETH) using Aave, major DeFi lending platform. The wallet deposited about $25 million worth of ETH as collateral and borrowed $12.3 million in DAI (a stablecoin) against it. This setup is used to bet big on ETH prices going up, profits grow fast if ETH rises, but losses also grow quickly if prices fall.

As the hacker controls the wallet, they can close or abuse this position whenever they want. If they dump the ETH collateral, it could push a great amount of ETH onto the market. This will increase pressure on the prices and the price of the token may drop down low.

The borrowed DAI could also be used to launder more funds or move money across the platform. Even though the position is currently safe and not close to liquidation, whale-sized moves like this have triggered chain reactions in the past, as seen in past DeFi crises that involved platforms such as Lido and Euler Finance.

Implications for DeFi Whales and Security

The incident is highlighting that multisig wallets alone are no longer enough for securing crypto wallets with large holdings. So it is better to adopt hardware wallets, MPC-based custody, and frequent security audits. For DeFi protocols such as Aave, the breach highlights the need for stronger liquidation safeguards and oracle protections.

From these models, it is clear that DeFi whales need to upgrade their security models and move ahead of the basic multisig setups so that such hacks can be avoided.

Also Read: SEAL Warns North Korean ‘Fake Zoom’ Crypto Hacks Are Increasing Daily