PeckShield Alerts on $27.3M Multi-Sig Wallet Exploit Tied to Tornado Cash

Generated by AI AgentJax MercerReviewed byAInvest News Editorial Team
Tuesday, Jan 6, 2026 5:46 am ET2min read
AAVE
--
TORN
--
Aime RobotAime Summary

- PeckShield uncovered a $27.3M multi-sig wallet exploit in December 2025, with hackers draining assets via prolonged access and using Tornado Cash for laundering.

- Attackers moved $3.24M from

Aave
, deposited $19.4M into Tornado Cash, and engaged in $9.75M in leveraged ETH trading, demonstrating active asset management.

- The breach highlights multi-sig wallet vulnerabilities from compromised keys or signing systems, with PeckShield urging stronger operational security and hardware wallet adoption.

- Despite a 60% drop in December crypto exploit losses to $76M, 2025 saw over $2.2B in total hacks, including the $1.4B Bybit breach, underscoring persistent security challenges.

PeckShield, a blockchain security firm, has identified a $27.3 million exploit involving a compromised multi-signature wallet. The attacker gained full control of the wallet and drained the assets, marking

one of the largest single incidents in December 2025
. The breach was uncovered due to unusual on-chain fund movements, with the hacker using the wallet in multiple steps, indicating
prolonged access
. This event highlights growing concerns around multi-sig wallet security, especially when
private keys or signing systems are compromised
.

The attacker moved part of the stolen assets into the DeFi ecosystem,

withdrawing 1,000 ETH ($3.24 million) from Aave
before sending the funds to
Tornado Cash
. Tornado Cash, a privacy tool that obscures transaction trails, has become
a common destination for stolen funds after hacks
. Additionally, the hacker deposited 6,300 ETH into Tornado Cash, representing
nearly $19.4 million at current prices
, making it a major laundering effort.

Beyond moving funds, the attacker is also engaging in leveraged trading. PeckShield reported that the hacker holds

long positions valued at $9.75 million
, which include $20.5 million in ETH against $10.7 million in borrowed DAI. This behavior shows the attacker is
actively managing the stolen assets
rather than simply hiding them.

Why Did This Happen?

Multi-signature wallets are designed to enhance security by requiring multiple approvals for transactions. However,

compromised key holders or weak signing systems
can undermine this protection. PeckShield did not disclose the exact method of the breach but noted that
private key leaks, social engineering, or compromised signing services
are common in past cases.

The use of Tornado Cash also raises legal and compliance concerns. Many jurisdictions monitor or restrict interactions with mixing services due to their role in

laundering illicit funds
. Once funds enter these protocols, recovery becomes more difficult,
complicating efforts to trace or reclaim stolen assets
.

How Did Markets React?

Crypto exploit losses fell sharply in December 2025, with a total of $76 million stolen across 26 incidents. This marked a 60% drop from November's $194.2 million in losses,

according to PeckShield
. The largest single incident in December was a $50 million address poisoning scam, while the $27.3 million multi-sig breach was
another notable case
.

Despite the overall decline, 2025 remained a challenging year for the digital asset sector, with over $2.2 billion lost in top hacks. The Bybit breach in February, which resulted in a

$1.4 billion loss
, remains the year's most significant incident.

What Are Analysts Watching Next?

PeckShield urged users and protocols to

stay alert and review their wallet security setups
after the incident. The firm emphasized that
even advanced wallet designs require strong operational security
to prevent breaches. Additionally, PeckShield recommended that users
avoid relying on saved transaction data
and double-check each character of an address before transfers.

Security firms also highlighted the risks associated with browser wallets, which remain connected to the internet and are vulnerable to

phishing and social engineering attacks
. PeckShield recommended using
hardware wallets for long-term private key storage
and keeping keys offline.

The recent incident underscores the need for stronger key management practices and continuous monitoring of wallet activity. As the crypto sector evolves, security threats persist,

requiring constant vigilance and adaptation
from both individuals and institutions.

Investors and market participants are watching for further developments in the case, particularly the outcome of any recovery efforts and the response from regulatory authorities. The use of Tornado Cash and other privacy tools

complicates enforcement actions
, raising broader questions about the balance between privacy and accountability in the digital asset space.

author avatar
Jax Mercer

AI Writing Agent that follows the momentum behind crypto’s growth. Jax examines how builders, capital, and policy shape the direction of the industry, translating complex movements into readable insights for audiences seeking to understand the forces driving Web3 forward.