Hacker Drains $27M From Multi-Sig Wallet, Launders $19M via Tornado Cash

A sophisticated attacker who compromised a multi-signature wallet and stole $27.3 million has now laundered $19.4 million via privacy protocol Tornado Cash while maintaining a leveraged trading position worth nearly $10 million.

The incident, first detected by blockchain security firm PeckShield, marks the latest in a series of major exploits targeting crypto holders in early 2026.

PeckShield reported that the drainer withdrew 1,000 ETH, worth $3.24 million, from the lending platform Aave before depositing it into Tornado Cash, joining 6,300 ETH already laundered via the mixing service.

The attacker, who controls the compromised multi-signature wallet, simultaneously holds a $9.75 million leveraged long position consisting of $20.5 million in ETH against $10.7 million in DAI.

Wave of Exploits Hits Crypto Platforms

The multi-sig wallet drain occurred alongside several other security incidents detected within the past 24 hours.

PeckShield identified address 0xB8b4…3714 actively laundering 2,479.1 ETH, worth $7.9 million, via Tornado Cash, with funds originating from multiple TRON wallets before being bridged to Ethereum.

The investigators linked the attack to a “pig-butchering” investment scam that typically lures victims through fake romantic relationships before stealing their crypto holdings.

Separately, the exploiter behind September’s UXLink hack swapped 248 wrapped Bitcoin for 23 million DAI within an hour, moving stolen assets from an attack that minted billions of unauthorized tokens.

Blockchain security firm CertiK simultaneously flagged another $1.4 million exploit on an unverified contract related to TMXTribe on Arbitrum.

The attackers repeatedly minted and staked TMX LP with USDT, swapped for USDG, then unstaked and sold more USDG to drain USDT along with wrapped SOL and WETH through a looping mechanism executed multiple times.

These exploits follow closely after hardware wallet manufacturer Ledger disclosed that customer data, including names, postal addresses, emails, and phone numbers, was accessed through a breach at payment processor Global-e on January 5.

While Ledger confirmed no payment card details, passwords, or private keys had been exposed, security researchers warned that the leak significantly increases phishing and social engineering risks, particularly given Ledger’s history of data breaches, dating back to a devastating 2020 incident that exposed 1.1 million email addresses and detailed personal information for about 292,000 customers, whose data was later dumped publicly.

Physical Security Risks Escalate for Crypto Holders

The Ledger breach has intensified concerns about physical attacks targeting cryptocurrency holders, particularly as violent incidents against users reach unprecedented levels.

Blockchain researcher Ignas, who confirmed receiving notification of his leaked data, warned that “wrench physical attacks are getting more widespread and I believe if economy & world gets more unstable, these attacks will become serious issue for crypto users.”

Security researcher NanoBaiter also cautioned that “threat actors are probably using this data for social engineering attacks and phishing emails,” while another analyst warned that cross-referencing the 2020 and 2025 Ledger datasets with AI tools allows attackers to identify high-value targets with great precision.

Investor Haseeb Qureshi’s analysis of physical violence data showed attacks against crypto users have increased over time and grown more violent.

However, he noted that “some of this is just population effects because there are more people who hold crypto now.”

Rezo, a Ledger user himself, emphasized the centralization risk inherent in crypto infrastructure, stating that “as long as crypto products depend on centralized infrastructure (payment processors, shipping, email), we’re exposed.”

He added that while “Ledger didn’t get hacked, their payment processor did,” the leaked name and contact info create “good phishing material.”

December 2025 saw crypto hack losses drop 60% month-over-month to $76 million according to PeckShield, down from November’s $194.2 million.

Despite the decline, major incidents continue to occur, including a $50 million address poisoning scam, a $27.3 million private key leak, and Trust Wallet’s Christmas Day exploit that drained $7 million via a compromised browser extension.

As it stands now, security experts have advised victims whose information was exposed to be very cautious of phishing emails and spam, possibly change their location for safety, and use temporary details and addresses for deliveries, etc.

The post Hacker Drains $27M From Multi-Sig Wallet, Launders $19M via Tornado Cash appeared first on Cryptonews.