$27M Hack Targets Whale Multisig Wallet, Raising DeFi Security Concerns
A massive $27.3 million in crypto was stolen from a wealthy investor’s multisig wallet, underscoring that even wallets considered highly secure aren’t immune to hacks. The breach, reported by blockchain security firm PeckShield on X (formerly Twitter) on December 18, 2025, happened after attackers gained control of the wallet’s private key.
Multisig wallets, widely used by large investors, require multiple signatures to authorize transactions and are generally regarded as one of the safest ways to store crypto. Yet, this hack shows that if private keys are compromised, even the most secure setup can fail. PeckShield detected the unusual activity quickly, but by then, the hacker had already moved the funds to make tracing and recovery difficult.
Roughly $12.6 million (around 4,100 ETH) of the stolen funds have been laundered through Tornado Cash, a crypto-mixing platform under U.S. sanctions, commonly used by hackers to obscure fund origins. The hacker still holds about $2 million in easily tradable crypto across multiple platforms, and experts warn these assets could be shifted quickly to other blockchains or mixing services, further complicating recovery efforts.
The situation is even more complex because the hacker now controls the victim’s entire multisig wallet, including a high-risk leveraged position on Ethereum (ETH) through the DeFi lending platform Aave. The wallet had deposited $25 million in ETH as collateral and borrowed $12.3 million in DAI against it. This setup allows for large gains if ETH rises—but also exposes the wallet to significant losses if ETH drops.
With the hacker in control, there’s a risk they could liquidate or manipulate this position, potentially flooding the market with ETH and impacting prices. The borrowed DAI could also be used to move or launder additional funds. While the position isn’t close to liquidation yet, whale-sized moves of this kind have triggered chain reactions in past DeFi crises.
Lessons for DeFi Investors and Protocols
This incident highlights that relying solely on multisig wallets may no longer be sufficient for securing large crypto holdings. Experts recommend additional measures such as hardware wallets, multi-party computation (MPC)-based custody, and frequent security audits. For DeFi protocols like Aave, the breach also underscores the need for stronger safeguards around leveraged positions and oracle protections.
As the DeFi ecosystem matures, high-net-worth crypto holders—or “whales”—will need to upgrade their security strategies beyond basic multisig setups to avoid similar high-stakes losses in the future.
