Ethereum Whale Loses $27 Million: Link From Exposed Key to Liquidation Risk

A serious security incident has just occurred involving a major investor on Ethereum, when all assets in a multisig wallet were completely wiped out, valued at nearly $27.3 million. According to PeckShield, the root cause of this incident stemmed from a security certificate leak, creating a dangerous link that led to a chain of attacker actions. Notably, the attacker not only stole the assets but also maintained control over the victim’s multisig, creating even greater potential risks.

Blockchain traces show that the attacker carried out a carefully planned money laundering campaign. In a short period, they transferred approximately $12.6 million (about 4,100 ETH) through Tornado Cash, a cryptocurrency mixing service. These transactions were not large, unusual transfers but a series of smaller transfers of 100 ETH each, clearly indicating a premeditated money laundering scheme. At the same time, the attacker still holds about $2 million worth of other liquid assets in the wallet, fully under their control.

Which Tokens Were Attacked and Transferred

Examining the remaining assets in the wallet on Etherscan reveals a very diverse list of affected tokens. The wallet currently holds 100.3184 ETH valued at around $284,640 at the time of recording, along with balances across more than 201 different tokens. The largest holdings include 303.44 WETH worth nearly $860,973, 2,216.36 OKB valued at over $234,802, 4,928.74 LEO worth $36,374, and an impressive 151,990.97 FET adding another $30,870 to the asset list.

This diversity indicates that the victim had a complex investment portfolio, with broad allocations across major tokens and tokens from various exchanges. It also underscores the critical importance of private key security, as a single leak could lead to total portfolio loss.

Liquidity Risks: Dangerous Link Between Controlled Multisig and Leverage Positions

The real risk lies in what PeckShield discovered: the victim’s multisig still maintains a long ETH position with leverage on Aave. Specifically, approximately $25 million worth of Ethereum is used as collateral to borrow about $12.3 million DAI, with a health factor around 1.68. This number may seem safe at first glance, but it also means the wallet is not in a “safe sleep” state if ETH prices drop sharply.

The link between the controlled multisig and this leveraged position creates an extremely sensitive situation. If the attacker decides to trigger a liquidation, they could force the collateral to be sold automatically, without needing to “liquidate everything,” potentially causing a large sell-off wave. The danger is not only losing what has already been stolen but also losing what the victim is still trying to protect through leverage. This vividly illustrates how security risks can be directly linked to financial risks in the modern DeFi ecosystem.