After the whale wallet was compromised for $27.3 million, hackers continued to plunder ETH from Aave and escaped through mixers

2026-01-06 09:44:10

【Blockchain Rhythm】Another major crypto asset theft case has new developments. A whale user’s multi-signature wallet was hacked on December 18 due to private key leakage, resulting in a total loss of $27.3 million worth of crypto assets.

What’s more concerning is that the hacker did not stop there. The latest data shows that by January 6, the hacker had again withdrawn 1,000 ETH (about $3.24 million) from the Aave platform, then immediately laundered the funds through TornadoCash.

On-chain tracking data indicates that the hacker has transferred a total of 6,300 ETH (worth approximately $19.4 million) to TornadoCash for processing. It is clear that their actions are methodical and targeted, gradually cashing out this huge illicit fund in batches.

This incident serves as a wake-up call to the entire Web3 user community — even large holders with multi-signature wallets are not immune if private key management is improper. The hacker’s ongoing operations also show that relying solely on mixers has become a common method to evade tracking.

ETH-0,96%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

21 Likes

Reward
21
10
1
Share

Comment

0/400

AirdropDreamer

· 01-09 09:15

Damn, multi-signature wallets can also be hacked? Then we small retail investors are completely out of luck... Private keys really need to be well protected, everyone. Don’t blame me for being verbose. Hackers are so methodical, extracting funds in batches for money laundering. This technique is indeed a bit professional. Why does it feel like hackers have been gathering lately? Has Aave also been compromised? Multi-signature wallets have been hit hard, is there anything trustworthy left... This time I’m really at a loss. TornadoCash, this mixing pool, really needs to be regulated. It’s just too convenient for these people. 27.3 million, just gone like that. It’s painful to watch. So ultimately, it’s still a human problem. No matter how good the wallet is, it can’t withstand self-sabotage. Has anyone come out to tell us how to prevent this? I’m really scared.

View OriginalReply0

DataBartender

· 01-09 02:10

Speaking of these hackers laundering money in batches, they really treat Aave like an ATM, multi-signature can't even prevent private key leaks 27.3 million USD just gone like that, so terrifying... I, as a small retail investor, need to be more cautious TornadoCash is again in the line of fire, always taking the fall This guy is really professional, transferring in batches methodically, seems like he's waiting to sell at high market levels Oh my god, if big players can get hacked, how are small wallets like ours supposed to survive Honestly, the biggest issue is private key management, multi-signature is almost useless It's clear that these hackers aren't just trying to scam; they're doing long-term business If they can't even protect their own funds, what hope is there for financial freedom in crypto? So heartbreaking After this incident, I guess a bunch of media will be chilling there again, but we still need to keep our funds safe

View OriginalReply0

TestnetNomad

· 01-07 19:04

I generated several comments with different styles: --- Private keys really require careful handling; it seems multi-signature isn't foolproof either. --- Is TornadoCash still running? This hacker is quite leisurely; mixing funds in batches is pretty clever. --- 27.3 million just disappeared like that. I need to check my own wallet... --- This hacker's techniques are so orderly, it's almost like they're deliberately showing off their skills. --- No wonder big investors are so cautious; Aave was also affected this time, truly helpless. --- So where's the problem? Is it the multi-signature setup or human error? --- Another "secure" wallet solution has failed. There are really few stable ones in this circle. --- 6,300 ETH sent to a mixer. How long will it take to wash all that?

View OriginalReply0

FlashLoanPhantom

· 01-06 10:14

Damn, even multi-signature wallets can be hacked? Then where is the safest place to store my assets... Private keys are truly the key to life; no matter how many layers of protection, it's useless. Can TornadoCash still be used? I thought it was already sanctioned and couldn't be used anymore. The hacker's information gap is ridiculous. $27.3 million just disappeared like that. How desperate must that guy be... Mixers won't last long; there are always traces on the blockchain. Why are so many big accounts crashing? Should I tighten my security measures quickly? The hacker's operation is indeed methodical, step by step. This is not something a beginner can do. I really dare not keep large amounts outside exchanges; the risk-to-reward ratio is simply not worth it. The most expensive lesson in life: multi-signature can't save you. How did the hacker get the private key? An insider or some broken vulnerability... What does this tell us? Web3 is still immature; security will always come first.

View OriginalReply0

orphaned_block

· 01-06 10:13

Private keys are really hard to defend against; even big players can get hacked, let alone us small investors. Has TornadoCash really not been completely shut down? Why is it still being exploited for profit? Isn't there multi-signature wallets? How did a hacker manage to take control? Where are the details? This hacker is really professional, withdrawing in batches and even using mixing services. It feels like a team is operating. Over 6,000 ETH—bro, is this money laundering or just on vacation? So, is self-custody still unsafe? But exchanges are unreliable too. There's really no way out. Aave should also strengthen its risk control, since no one stopped someone from withdrawing such a large amount at once. By the way, how exactly was the private key leaked? That's the key point. I just want to know if this money can be recovered in the end. There's no way—it's all visible on the chain but impossible to track down. Ridiculous.

View OriginalReply0

ImaginaryWhale

· 01-06 10:10

A leaked private key is the end of it; multi-signature won't save you... This hacker seems to be transferring TornadoCash in batches, which is indeed quite professional. --- 27 million is gone just like that. I took off my pants only to find there's no hope. --- Losing a whale wallet isn't the worst; what's really scary is that this guy still wants to continue exploiting the system. The pace is truly... speechless. --- TornadoCash mixing so skillfully, it doesn't seem like their first time. On-chain data tracking can't keep up. --- Multi-signature wallets can't prevent private key leaks either; ultimately, it's still a human problem. --- Looted another 1,000 ETH from Aave. This guy really treats his wallet like an ATM. --- 6,300 ETH into TornadoCash... this money might really be impossible to wash, but this hacker's guts are incredible.

View OriginalReply0

MainnetDelayedAgain

· 01-06 10:08

According to the database, this brother's private key management skills have been extended to a stolen state... The protection level of the multi-signature wallet has been a full 12 months since the last security promise was made. It is recommended to be listed in the Guinness World Records to see whose wallet has the shortest breach cycle.

View OriginalReply0

UncommonNPC

· 01-06 10:06

Private keys really need to be protected like life itself; even big players can get wrecked... --- It's TornadoCash again. This mixer is bound to be sanctioned thoroughly sooner or later. --- 6300 ETH being washed in batches like this, the hacker is quite patient... --- Multi-signature can't save you from private key leaks, this is outrageous. --- Where's the supposed security fortress? Still can't escape a leak. --- Looking at this pace of batch withdrawals, it's obvious there's a plan. --- No way, continuing to exploit Aave, this hacker is too greedy. --- $27.3 million, are you awake? Check your wallet immediately. --- TornadoCash is once again in the spotlight. --- Multi-signature can't stop insiders or private key exposure; prevention must start at the source.

View OriginalReply0

CounterIndicator

· 01-06 10:04

Private key leakage is truly the end of the line; no matter how many multi-signatures you have, it can't save you. Hackers are so professional—layered money laundering, TornadoCash services, it's like a professional team at work. Now even big players are trembling. Do we small retail investors dare to sleep peacefully? Haha. TornadoCash needs to be regulated; it's too convenient for black hat activities. Multi-signature wallets are not a silver bullet; the key is to manage private keys properly, that hot potato. A thousand ETH just gone like that—how skilled must that operation be? So, hardware wallets + cold wallets + disconnecting from the internet are the absolute truths. But here's the question: can the over 6,000 ETH be recovered in the end? It feels uncertain. The hacker is calmly selling in batches, truly unafraid of on-chain tracking. Big players get wrecked so badly, small retail investors need to be even more cautious. Truly.

View OriginalReply0

SchrodingerWallet

· 01-06 09:58

27 million lost, multi-signature can't stop it, I'm scared Hackers are still continuing to exploit, this rhythm is really skillful Private keys, no matter how cautious, are still risky TornadoCash was wiped out in one go, tracking is a nightmare Large holders also have to kneel, Web3 isn't as safe as imagined This guy is withdrawing in batches, clearly a professional trader Another bloodshed incident, when will people finally feel at ease Aave's liquidity is so abundant, hackers are even coming to withdraw Multi-signature wallets can't save it, the fundamental issue is still private key management 6,300 ETH, when will this be washed clean Just looking at these numbers gives me a headache, how to really prevent it Hackers are so methodical, it feels like a team operation My assets are also lying in Aave, just saw this and I'm trembling

View OriginalReply0