Futures
Hundreds of contracts settled in USDT or BTC
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Futures Kickoff
Get prepared for your futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to experience risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Launchpad
Be early to the next big token project
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Major investor loses $27 million due to security key breach: Which assets were seized?
According to a report from PeckShield at the end of December last year, a large-scale Ethereum account was fully compromised, with total funds valued at approximately $27.3 million after security information was leaked. This incident is quite serious because not only was the money stolen, but the connection was also linked to organized money laundering by the attacker.
The attacker transferred about $12.6 million (equivalent to 4,100 ETH at that time) through Tornado Cash to hide the source of the funds, while retaining around $2 million in liquidity tokens. Based on Etherscan data released by PeckShield, the address “0x1fCf1” continuously sent 100 ETH chunks to Tornado Cash according to an organized plan, indicating this was not a panic-driven action but a carefully prepared money laundering process.
The most valuable assets stolen
Etherscan wallet data shows this account held 100.3184 ETH (valued at that time) along with a balance of approximately $1.37 million from 201 different tokens. The largest assets included: 303.44 WETH worth about $860,973, 2,216.36 OKB valued at around $234,802, 4,928.74 LEO worth $36,374, and 151,990.97 FET adding another $30,870.
Notably, the attacker also gained full access to the victim’s multisig system, a critical detail because it introduces additional potential risks.
Hidden risks and liquidation dangers
Although it appears that the stolen funds have been identified, the real danger lies ahead. According to the Aave interface stored in the report, the victim’s multisig still maintains a collateralized loan position: approximately $25 million worth of Ethereum was provided as collateral to borrow about $12.3 million in DAI, with a health factor of around 1.68.
What does this number mean? It indicates that the wallet is still active but in a “danger zone” — if ETH prices drop significantly, this index will fall below 1, at which point the Aave system will automatically trigger a liquidation process. At that moment, the attacker wouldn’t need to “panic sell” all assets to cause a major dump — the system will do it automatically, and the collateral assets will be sold at unfavorable prices.
This is why this incident is noteworthy: it’s not just about the stolen funds, but also about the ongoing risks posed by the attacker controlling the system and potentially triggering the worst liquidation events.