Hacker Drains $27M From Multi-Sig Wallet, Launders $19M via Tornado Cash

2026/01/06 23:01

A sophisticated attacker who compromised a multi-signature wallet and stole $27.3 million has now laundered $19.4 million through privacy protocol Tornado Cash while maintaining a leveraged trading position worth nearly $10 million.

The incident, first detected by blockchain security firm PeckShield, marks the latest in a series of major exploits targeting crypto holders in early 2026.

PeckShield reported that the drainer withdrew 1,000 ETH, worth $3.24 million, from the lending platform Aave before depositing it into Tornado Cash, joining 6,300 ETH already laundered through the mixing service.

The attacker, who controls the compromised multi-signature wallet, simultaneously holds a $9.75 million leveraged long position consisting of $20.5 million in ETH against $10.7 million in DAI.

Wave of Exploits Hits Crypto Platforms

The multi-sig wallet drain occurred alongside multiple other security incidents detected within the past 24 hours.

PeckShield identified address 0xB8b4…3714 actively laundering 2,479.1 ETH, worth $7.9 million, through Tornado Cash, with funds originating from multiple TRON wallets before being bridged to Ethereum.

The investigators linked the attack to a “pig-butchering” investment scam that typically lures victims through fake romantic relationships before stealing their crypto holdings.

Separately, the exploiter behind September’s UXLink hack swapped 248 wrapped Bitcoin for 23 million DAI within an hour, moving stolen assets from an attack that minted billions of unauthorized tokens.

Blockchain security firm CertiK simultaneously flagged another $1.4 million exploit on an unverified contract related to TMXTribe on Arbitrum.

The attackers repeatedly minted and staked TMX LP with USDT, swapped for USDG, then unstaked and sold more USDG to drain USDT alongside wrapped SOL and WETH through a looping mechanism executed multiple times.

These exploits follow closely after hardware wallet manufacturer Ledger disclosed that customer data, including names, postal addresses, emails, and phone numbers, was accessed through a breach at payment processor Global-e on January 5.

While Ledger confirmed no payment card details, passwords, or private keys were exposed, security researchers warned that the leak significantly increases phishing and social engineering risks.

The concern is heightened by Ledger’s history of data breaches, dating back to a devastating 2020 incident that exposed 1.1 million email addresses and detailed personal information for approximately 292,000 customers, whose data was later dumped publicly.

Physical Security Risks Escalate for Crypto Holders

The Ledger breach has intensified concerns about physical attacks targeting cryptocurrency holders, particularly as violent incidents against users reach unprecedented levels.

Blockchain researcher Ignas, who confirmed receiving notification of his leaked data, warned that “wrench physical attacks are getting more common and I believe if economy & world gets more unstable, these attacks will become serious issue for crypto users.”

Security researcher NanoBaiter also cautioned that “threat actors are probably using this data for social engineering attacks and phishing emails,” while another analyst warned that cross-referencing the 2020 and 2025 Ledger datasets with AI tools allows attackers to identify high-value targets with very good precision.

Investor Haseeb Qureshi’s analysis of physical violence data showed attacks against crypto users have increased over time and grown more violent.

However, he noted that “some of this is just population effects because there are more people who hold crypto now.”

Rezo, a Ledger user himself, emphasized the centralization risk inherent in crypto infrastructure, stating that “as long as crypto products depend on centralized infrastructure (payment processors, shipping, email), we’re exposed.”

He added that while “Ledger didn’t get hacked, their payment processor did,” the leaked name and contact information create “perfect phishing material.”

December 2025 saw crypto hack losses drop 60% month-over-month to $76 million according to PeckShield, down from November’s $194.2 million.

Despite the decline, major incidents continue occurring, including a $50 million address poisoning scam, a $27.3 million private key leak, and Trust Wallet’s Christmas Day exploit that drained $7 million through a compromised browser extension.

Security experts have advised victims whose information was exposed to be very cautious of phishing emails and spam, to possibly change their location for safety, and to use temporary details and addresses for deliveries.
