Tuesday, January 21, 2025

Whale’s Multisig Wallet Compromised, $40M Stolen and Laundered Over Weeks

A crypto whale’s multisig wallet was compromised, losing over $40M, with funds laundered in batches

Fridah Kangai

  • Crypto whale loses $40M in multisig wallet hack and laundering.
  • Attackers exploit weak wallet setup, draining millions in stages.
  • Forensic experts uncover extensive theft, suspecting early breach in November.

A crypto whale’s multisig wallet has been compromised, leading to the theft of over $40 million. PeckShield, a blockchain security company, claimed that attacks on the wallet started minutes after its creation and that the hacker controlled the private key. The stolen money, initially valued at approximately $27.3 million, was later laundered using Tornado Cash, enabling the transfer of roughly $12.6 million. Moreover, the attacker held approximately 2 million in liquid assets and seized a leveraged long position on Aave.


Attackers Exploit Weak Wallet Configuration and Launder Funds in Batches

Recent findings from Yehor Rudytsia, the leader of the forensic department at Hacken Extractor, suggest that the theft may have been ongoing for some time, with indications that the attack occurred as early as November 4. Rudytsia indicated that the victim had created a multisig wallet that was handed over to the attacker only six minutes later, prompting suspicions that the attacker had arranged the wallet as the first step in the theft.

The design of the wallet was also a significant fault. Because it was set up as a 1-of-1 system, a single signature was enough to approve transactions. This bypasses the basic security mechanism of multisig wallets, which usually demand multiple signatures to authorize transactions. Such an arrangement made the wallet itself an enticing target for the attacker.
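The two warning signs described above (a 1-of-1 signing threshold and an ownership handover minutes after creation) can be checked mechanically. The following is an added example, not code from the article or from any wallet project; the event schema, addresses, timestamps and the 24-hour review window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (hypothetical schema, not a real wallet or indexer API).
# The six-minute gap mirrors the handover interval reported in the article.
EVENTS = [
    {"ts": "2030-01-01T10:00:00", "type": "created",
     "owners": ["0xVICTIM"], "threshold": 1},
    {"ts": "2030-01-01T10:06:00", "type": "owners_changed",
     "owners": ["0xUNKNOWN"], "threshold": 1},
    {"ts": "2030-01-01T12:30:00", "type": "transfer_out",
     "owners": ["0xUNKNOWN"], "threshold": 1},
]

def audit_wallet(events, min_threshold=2, review_window=timedelta(hours=24)):
    """Return (finding, timestamp, detail) tuples for risky multisig states."""
    findings = []
    created_at = None
    known_owners = set()
    # ISO-8601 strings of equal length sort chronologically.
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] not in ("created", "owners_changed"):
            continue  # only configuration events are audited here
        ts = datetime.fromisoformat(ev["ts"])
        owners = set(ev["owners"])
        if ev["type"] == "created":
            created_at = ts
        else:
            added = owners - known_owners
            # New signers appearing shortly after creation deserve manual review.
            if created_at is not None and added and ts - created_at <= review_window:
                findings.append(("early_owner_change", ev["ts"], sorted(added)))
            # No overlap with the previous signer set means control fully moved.
            if known_owners and not (owners & known_owners):
                findings.append(("full_owner_replacement", ev["ts"], sorted(owners)))
        known_owners = owners
        # A threshold or signer count below the minimum is multisig in name only.
        if ev["threshold"] < min_threshold or len(owners) < min_threshold:
            label = f'{ev["threshold"]}-of-{len(owners)}'
            findings.append(("single_signer", ev["ts"], label))
    return findings

if __name__ == "__main__":
    for finding in audit_wallet(EVENTS):
        print(finding)
```
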

Ongoing Threats and Recommendations for Crypto Security

After taking control, the attacker proceeded with a plan of strategic laundering. The attacker deposited 1,000 ETH into Tornado Cash on a single day (November 4) and continued to transfer smaller amounts to the mixer through the end of December. This systematic approach let the attacker hold onto the stolen money for a more extended period, making it more difficult to trace. To date, approximately $25 million remains in the attacker's hands in the compromised wallet.

The attack highlights the importance of robust security measures in managing crypto wallets. According to experts, vulnerabilities such as malware, phishing attacks, and operational security weaknesses were factors that contributed to the attack. To prevent such incidents in the future, experts recommend signing and verifying transactions on cold storage devices rather than relying on what the user interface displays.

