A large crypto investor has lost more than $25 million after attackers gained full control of a multisignature wallet that required only one approval to move funds.
Security experts say the wallet’s configuration removed the main protection multisig wallets are meant to provide. Once the private key was compromised, the attacker faced no further barriers.
What Went Wrong
The wallet was set up as a 1-of-1 multisig, meaning a single key could approve transactions. After that key was exposed, the attacker converted themselves into the only signer and took full control of the wallet.
From there, funds were drained and moved off-chain in stages. Blockchain data shows the stolen assets are being routed through Tornado Cash using repeated, identical transfers.
Blockchain security firm PeckShield estimates that over $27 million has been stolen so far. Around half of that amount has already been laundered, while a smaller portion remains in the attacker’s wallet.
The attacker’s address still holds multiple assets, including Ether and several large-cap tokens, according to on-chain tracking.
Open Positions Increase Risk
The compromised wallet is not empty. Analysts believe it still controls a large position on Aave, with Ether posted as collateral against borrowed stablecoins.
As long as the attacker controls the wallet, additional losses are possible if the position is altered or liquidated.
Investigators believe the private key was exposed during the wallet’s creation process. The wallet was funded shortly after being set up, and large outflows followed almost immediately.
One theory is that the key was mishandled during setup. Another is that third-party assistance was used, allowing a malicious actor to gain access.
Total losses from the incident could be higher than initially reported.
Why Multisig Didn’t Protect the Funds
Multisignature wallets are only effective when multiple independent approvals are required. Configurations like 2-of-3 or 3-of-5 significantly reduce single-point failure risk.
A 1-of-1 multisig does not. In practice, it offers no more protection than a standard wallet.
Security researchers say this case highlights a common misconception: multisig security depends entirely on how it is configured.
