Security experts say the wallet’s configuration removed the main protection multisig wallets are meant to provide. Once the private key was compromised, the attacker faced no further barriers.
Key Takeaways
The wallet was set up as a 1-of-1 multisig, meaning a single key could approve transactions. After that key was exposed, the attacker converted themselves into the only signer and took full control of the wallet.
From there, funds were drained and moved off-chain in stages. Blockchain data shows the stolen assets are being routed through Tornado Cash using repeated, identical transfers.
Blockchain security firm PeckShield estimates that over $27 million has been stolen so far. Around half of that amount has already been laundered, while a smaller portion remains in the attacker’s wallet.
#PeckShieldAlert A whale's Multisig was drained of ~$27.3M due to a private key compromise.
The drainer has laundered $12.6M (4,100 $ETH) via #TornadoCash and retains ~$2M in liquid assets.
The drainer also controls the victim's multisig, which maintains a leveraged long… pic.twitter.com/1Ulk4X7bkl
— PeckShieldAlert (@PeckShieldAlert) December 18, 2025
The attacker’s address still holds multiple assets, including Ether and several large-cap tokens, according to on-chain tracking.
The compromised wallet is not empty. Analysts believe it still controls a large position on Aave, with Ether posted as collateral against borrowed stablecoins.
As long as the attacker controls the wallet, additional losses are possible if the position is altered or liquidated.
Investigators believe the private key was exposed during the wallet’s creation process. The wallet was funded shortly after being set up, and large outflows followed almost immediately.
One theory is that the key was mishandled during setup. Another is that third-party assistance was used, allowing a malicious actor to gain access.
Total losses from the incident could be higher than initially reported.
Multisignature wallets are only effective when multiple independent approvals are required. Configurations like 2-of-3 or 3-of-5 significantly reduce single-point failure risk.
A 1-of-1 multisig does not. In practice, it offers no more protection than a standard wallet.
Security researchers say this case highlights a common misconception: multisig security depends entirely on how it is configured.
The information provided in this article is for educational purposes only and does not constitute financial, investment, or trading advice. Coindoo.com does not endorse or recommend any specific investment strategy or cryptocurrency. Always conduct your own research and consult with a licensed financial advisor before making any investment decisions.
The post Crypto Whale Loses Over $25 Million After Multisig Wallet Breach appeared first on Coindoo.
