Key Highlights
- A crypto whale lost $27M after a key leak, showing how hackers exploit wallets, DeFi, and privacy tools to hide stolen funds.
- Repeated scams and DeFi hacks highlight rising crypto risks, from phishing attacks to complex wallet and contract exploits.
- Hackers increasingly use social engineering and fake apps to steal crypto, showing persistent vulnerabilities in wallets and platforms.
A major cryptocurrency whale lost $27.3 million after a multi-signature wallet was compromised, according to blockchain security firm PeckShield. The breach occurred due to a leaked private key, allowing the attacker to drain funds and launder $12.6 million via Tornado Cash.
The drainer still holds roughly $2 million in liquid assets, while controlling the victim’s multisig, which maintains a leveraged long position on Aave. Data shared by PeckShieldAlert shows the compromised wallet now contains just over 100 Ethereum (ETH), worth some $285,000, plus tokens valued at $1.37 million.
The largest single position is Wrapped Ether (WETH) at $861,000, though there are significant positions in OKB, Bitfinex’s LEO token, and Fetch.ai (FET). In total, the wallet holds close to 200 ERC-20 tokens – a very diversified multi-asset position, if not a single bet on one cryptocurrency.
The transaction record describes a pattern over two days, with multiple transfers of exactly 100 ETH each. Most of them went through Tornado Cash, which insinuates that this is a bold move to blindside the tracking of funds.
The wallet itself was initially funded around six weeks ago, and its activity accelerated recently. While the motive remains unclear, repeated Tornado Cash use strongly insinuates attempts to hide the money trail.
Previous losses and broader risks
Just months ago, the same whale withdrew 2,520.5 ETH ($4.52 million) from OKX and staked it with Kiln Finance. Over the year, the account staked 9,918 ETH ($22.58 million) and earned 105.5 ETH, yet still faced a net loss of $4.26 million.
Blockchain security firm Scam Sniffer noted that phishing schemes exploiting “Permit” signatures trick victims into authorizing fund transfers without triggering alarms. Experts attribute the spike to EIP-7702 batch-signature scams and direct transfers to malicious contracts.
As attacks go on, decentralized finance (DeFi) protocol’s recent Yearn Finance V1 hack caused a $300,000 loss, targeting an immutable TUSD contract deployed over 2,100 days ago. Yearn confirmed modern v2 vaults remain unaffected.
Furthermore, North Korean cyber crooks were also found to use social engineering as a tactic through fake Zoom and Teams meetings to target and steal cryptocurrencies. They hack into Telegram accounts, send messages to contacts, and release illegal software updates tricked out as Zoom patch fixes. These cyber threats impact Mac, Windows, and Linux computers.
These hacks highlight how vulnerable crypto wallets can be, even for experienced users. Scammers exploit weaknesses in security and DeFi systems, showing the importance of careful management and vigilance.
Also Read: BitMine’s ETH Buying Spree Continues With Latest $140M Purchase
