Crypto Heist: $27M Multi-Sig Wallet Breached, $19M Vanished into Tornado Cash

Author: Cryptonews
Published: 2026-01-06 15:01:13

Another day, another digital vault cracked open. This time, a multi-signature wallet—supposedly one of crypto's more secure setups—got drained for a cool $27 million. The attacker didn't just stop at the theft; they immediately funneled a staggering $19 million of the loot through Tornado Cash, the infamous privacy mixer, sending it straight into the blockchain's shadows.

The Anatomy of a Modern Heist

Forget bank vaults and getaway cars. Today's heists happen in lines of code. The exploit targeted the very security feature designed to prevent unilateral access, proving that no system is truly foolproof when enough incentive exists. The speed of the subsequent laundering operation was breathtaking—a stark reminder that in crypto, moving illicit funds can be as simple as executing a smart contract.

Privacy vs. Accountability: The Eternal Tug-of-War

Tornado Cash, once again, plays its starring role as the digital laundry of choice. Its use here underscores the ongoing, brutal tension between financial privacy and regulatory compliance—a debate that gets more expensive by the day. The mixer effectively scrambles the transaction trail, making forensic tracking a nightmare for investigators and a dream for thieves.

The Ironic Aftermath

Here's the cynical finance jab: somewhere, a venture capitalist who funded this 'secure' wallet protocol is probably drafting a blog post about 'valuable lessons learned' and 'robustness through adversity,' all while checking their portfolio's next ATH. The money's gone, the trail's cold, but the marketing spin is just heating up.

This incident cuts to the core of decentralized finance's growing pains. It bypasses hype and exposes the raw, unvarnished risks that come with self-custody and smart contract reliance. It's a multi-million-dollar reminder: in the race to disrupt traditional finance, sometimes the only thing getting disrupted is your own security.

Wave of Exploits Hits Crypto Platforms

The multi-sig wallet drain occurred alongside multiple other security incidents detected within the past 24 hours.

PeckShield identified an address actively laundering 2,479.1 ETH, worth $7.9 million, through Tornado Cash, with funds originating from multiple TRON wallets before being bridged to Ethereum.

#PeckShieldAlert Address 0xB8b4…3714 is actively laundering funds via #TornadoCash, with 2,479.1 $ETH ($7.9M) processed so far.

The funds originated from multiple #TRON wallets before being bridged to #Ethereum. These movements appear to link the assets to a "Pig-Butchering"… pic.twitter.com/S1BKRK2hjL

— PeckShieldAlert (@PeckShieldAlert) January 6, 2026

The investigators linked the attack to a “pig-butchering” investment scam that typically lures victims through fake romantic relationships before stealing their crypto holdings.

Separately, the exploiter behind September’s UXLink hack swapped 248 Wrapped Bitcoin for 23 million DAI within an hour, moving stolen assets from an attack that minted billions of unauthorized tokens.

Blockchain security firm CertiK simultaneously flagged another $1.4 million exploit on an unverified contract related to TMXTribe on Arbitrum.

The attackers repeatedly minted and staked TMX LP with USDT, swapped for USDG, then unstaked and sold more USDG to drain USDT alongside wrapped SOL and WETH through a looping mechanism executed multiple times.

#CertiKInsight🚨

We have seen a ~$1.4M exploit on an unverified contract related to @TMXTribe on Arbitrum.

In an exploit loop, the exploiter mints and stakes TMX LP with USDT, swaps USDT for USDG, unstakes, and sells more USDG. The tactic has been repeated many times to drain… pic.twitter.com/jC6LzcxpmY

— CertiK Alert (@CertiKAlert) January 6, 2026

These exploits follow closely after hardware wallet manufacturer Ledger disclosed that customer data, including names, postal addresses, emails, and phone numbers, was accessed through a breach at payment processor Global-e on January 5.

While Ledger confirmed no payment card details, passwords, or private keys were exposed, security researchers warned that the leak significantly increases phishing and social engineering risks, particularly given Ledger’s history of data breaches. That history dates back to a devastating 2020 incident that exposed 1.1 million email addresses and detailed personal information for approximately 292,000 customers, whose data was later dumped publicly.

Physical Security Risks Escalate for Crypto Holders

The Ledger breach has intensified concerns about physical attacks targeting cryptocurrency holders, particularly as violent incidents against users reach unprecedented levels.

Blockchain researcher Ignas, who confirmed receiving notification of his leaked data, warned that “wrench physical attacks are getting more common and I believe if economy & world gets more unstable, these attacks will become serious issue for crypto users.”

Security researcher NanoBaiter also cautioned that “threat actors are probably using this data for social engineering attacks and phishing emails,” while another analyst warned that cross-referencing the 2020 and 2025 Ledger datasets with AI tools allows attackers to identify high-value targets with very good precision.

Investor Haseeb Qureshi’s analysis of physical violence data showed attacks against crypto users have increased over time and grown more violent.

However, he noted that “some of this is just population effects because there are more people who hold crypto now.”

Are rates of physical violence against crypto users increasing?

Jameson @lopp has been quietly maintaining a database of "wrench attacks"—violent attacks against crypto users to steal their crypto. It's the closest thing we have to a ground truth of whether holding crypto has… pic.twitter.com/VMmI4ZeC3B

— Haseeb >|< (@hosseeb) January 4, 2026

Rezo, a Ledger user himself, emphasized the centralization risk inherent in crypto infrastructure, stating that “as long as crypto products depend on centralized infrastructure (payment processors, shipping, email), we’re exposed.”

He added that while “Ledger didn’t get hacked, their payment processor did,” the leaked name and contact information create “perfect phishing material.”

December 2025 saw crypto hack losses drop 60% month-over-month to $76 million according to PeckShield, down from November’s $194.2 million.

Despite the decline, major incidents continue occurring, including a $50 million address poisoning scam, a $27.3 million private key leak, and Trust Wallet’s Christmas Day exploit that drained $7 million through a compromised browser extension.

Security experts have advised victims whose information was exposed to be very cautious of phishing emails and spam, to possibly change their location for safety, and to use temporary details and addresses for deliveries.
