Whale Multisig Hacked in Minutes: Attack Drains $40M in Stages

Crypto Whale Multisig Wallet Drained in a Sophisticated Attack

An attacker has successfully compromised a whale’s multisig wallet just minutes after its creation, draining approximately $27.3 million and executing staged laundering activities over the past 44 days. The incident raises concerns over security practices in the crypto ecosystem and highlights evolving threats targeting high-value wallets.

Blockchain security firm PeckShield reported that the attacker has laundered around $12.6 million, or roughly 4,100 ETH, primarily through Tornado Cash. The attacker also retains about $2 million in liquid assets and has engaged in leveraged trading on Aave. New forensic analyses suggest the total loss could surpass $40 million, with initial signs of theft traced back to early November.

Yehor Rudytsia, head of forensic investigations at Hacken Extractor, explained that the wallet labeled as “compromised” might not have been under the victim’s control from the outset. On-chain data shows that the multisig wallet was created on November 4 at 7:46 am UTC, but ownership was transferred to the attacker just six minutes later. Rudytsia explained, “Very likely, the attacker created the multisig wallet, transferred funds to it, and then took control of it almost immediately.”

Following control of the wallet, the attacker exhibited patience, making Tornado Cash deposits over several weeks, beginning with 1,000 ETH on November 4 and continuing through early December in smaller, staggered transactions. Persistent funds remain on the compromised wallet, now under the attacker’s control. Rudytsia also raised concerns about the wallet’s configuration. The multisig was set as a “1-of-1,” requiring only a single signature for transaction approval—a design that doesn’t technically qualify as multisig and significantly lowers security.

Security experts at Hacken warn that various attack vectors are still viable, including malware infections, phishing, and operational errors such as storing private keys insecurely or using the same device for multiple signers. Abdelfattah Ibrahim, a DApp auditor, emphasized that locking devices in cold storage and verifying transactions outside a user interface are critical mitigation strategies.

Emerging Risks from AI-Generated Exploits

Recent research by Anthropic and the Machine Learning Alignment & Theory Scholars (MATS) demonstrates that advanced AI models can autonomously develop and execute profitable smart contract exploits. In controlled tests, models such as Anthropic’s Claude Opus 4.5, Claude Sonnet 4.5, and OpenAI’s GPT-5 collectively generated exploits valued at $4.6 million, illustrating the potential for autonomous hacking.

In further assessments, these AI models identified previously unknown zero-day vulnerabilities when tested against nearly 2,850 new smart contracts, producing exploits valued at just under $4,000, with costs lower than the expense of generating these exploits. This emerging threat underscores the need for enhanced security measures as AI capabilities rapidly advance within the blockchain space.

This article was originally published as Whale Multisig Hacked in Minutes: Attack Drains $40M in Stages on Crypto Breaking News – your trusted source for crypto news, Bitcoin news, and blockchain updates.