0
0
A prominent cryptocurrency whale has suffered a devastating breach, with approximately $27.3 million drained from their multisig wallet due to a private key compromise. The attacker quickly laundered $12.6 million, equivalent to 4,100 ETH, through Tornado Cash while retaining about $2 million in liquid assets.
Blockchain security firm PeckShieldAlert first reported the incident, highlighting the use of sophisticated social engineering tactics. The hacker now controls the victim’s wallet, including a high-risk leveraged position on Aave.
The attacker identified a private key leak and seized control, effectively converting the multisig wallet into a single-signature wallet. The move drained funds from across various assets. The incident drew attention when PeckShieldAlert flagged suspicious activity on X, prompting an examination of the transactions.
The attacker made multiple deposits of 100 ETH into Tornado Cash, successfully hiding around $12.6 million in illicit proceeds. Meanwhile, the remaining assets, including wrapped ETH and other tokens, amounted to approximately $2 million. Interestingly, the attacker’s wallet only maintained a minimal ETH balance of 1 ETH.
Further investigations revealed that the phishing attack began with a fake Etherscan link that led to the download of malware designed to steal private keys and backups. The attack was simple and did not use complex hacking techniques. The attack bypassed the multisig’s multi-approval security, allowing unauthorized changes to be made directly on the blockchain.
Following the breach, many X users expressed concern and asked for stronger security measures and more education about phishing risks. Meanwhile, attacks like this have, sadly, become almost an everyday occurrence in the crypto space. For example, earlier in November, a crypto investor lost about $38 million in Ethereum and other tokens due to a security breach.
The investor had set up a Gnosis Safe multisig wallet with only one signer before transferring large amounts of assets. Soon after, the attacker changed the signer’s address to their own Ethereum wallet, enabling them to quickly drain the account.
Investigators believe the private key may have been leaked during the multisig setup or through the involvement of a third party who drained the account and quickly took the assets. The attacker laundered 4,100 ETH through 41 deposits of 100 ETH each into Tornado Cash.
The post Crypto Whale Loses $27.3M to Sophisticated Multisig Attack appeared first on CoinTab News.
0
0
Manage all your crypto, NFT and DeFi from one placeSecurely connect the portfolio you’re using to start.
0
0
0
0
0
0
