A sophisticated attacker who compromised a multi-signature wallet and stole $27.3 million has now laundered $19.4 million through privacy protocol Tornado Cash while maintaining a leveraged trading position worth nearly $10 million.
The incident, first by blockchain security firm PeckShield, marks the latest in a series of major exploits targeting crypto holders in early 2026.
The multisig drainer who stole $27.3M from a compromised wallet has withdrawn 1K ($3.24M) from and laundered it via .They have deposited a total of 6,300 ($19.4M) to so farThe drainer, who controls the compromised… — PeckShieldAlert (@PeckShieldAlert)
PeckShield reported that the drainer withdrew 1,000 ETH, worth $3.24 million, from the lending platform Aave before depositing it into Tornado Cash, joining 6,300 ETH already laundered through the mixing service.
The attacker, who controls the compromised multi-signature wallet, simultaneously holds a $9.75 million leveraged long position consisting of $20.5 million in ETH against $10.7 million in DAI.Wave of Exploits Hits Crypto Platforms
The multi-sig wallet drain occurred alongside multiple other security incidents detected within the past 24 hours.
PeckShield address 0xB8b4…3714 actively laundering 2,479.1 ETH, worth $7.9 million, through Tornado Cash, with funds originating from multiple TRON wallets before being bridged to Ethereum.
Address 0xB8b4…3714 is actively laundering funds via , with 2,479.1 ($7.9M) processed so far. The funds originated from multiple wallets before being bridged to . These movements appear to link the assets to a “Pig-Butchering”… — PeckShieldAlert (@PeckShieldAlert)
The investigators linked the attack to a “pig-butchering” investment scam that typically lures victims through fake romantic relationships before stealing their crypto holdings.
Separately, the exploiter behind September’s UXLink hack 248 wrapped Bitcoin for 23 million DAI within an hour, moving stolen assets from an attack that minted billions of unauthorized tokens.
Blockchain security firm CertiK simultaneously another $1.4 million exploit on an unverified contract related to TMXTribe on Arbitrum.
The attackers repeatedly minted and staked TMX LP with USDT, swapped for USDG, then unstaked and sold more USDG to drain USDT alongside wrapped SOL and WETH through a looping mechanism executed multiple times.
🚨We have seen a ~$1.4M exploit on an unverified contract related to on Arbitrum.In an exploit loop, the exploiter mints and stakes TMX LP with USDT, swaps USDT for USDG, unstakes, and sells more USDG. The tactic has been repeated many times to drain… — CertiK Alert (@CertiKAlert)
These exploits follow closely after hardware wallet manufacturer Ledger disclosed that customer data, including names, postal addresses, emails, and phone numbers, was accessed through a breach at payment processor Global-e on January 5.
While Ledger confirmed no payment card details, passwords, or private keys were exposed, security researchers warned that the leak significantly increases phishing and social engineering risks.
Particularly, given Ledger’s history of data breaches, dating back to a devastating 2020 incident that exposed 1.1 million email addresses and detailed personal information for approximately 292,000 customers, whose data was later dumped publicly.Physical Security Risks Escalate for Crypto Holders
The Ledger breach has intensified concerns about physical attacks targeting cryptocurrency holders, particularly as violent incidents against users reach unprecedented levels.
Blockchain researcher Ignas, who receiving notification of his leaked data, warned that “wrench physical attacks are getting more common and I believe if economy & world gets more unstable, these attacks will become serious issue for crypto users.”
Security researcher NanoBaiter also that “threat actors are probably using this data for social engineering attacks and phishing emails,” while another analyst that cross-referencing the 2020 and 2025 Ledger datasets with AI tools allows attackers to identify high-value targets with a very good precision.
Investor Haseeb Qureshi’s of physical violence data showed attacks against crypto users have increased over time and grown more violent.
However, he noted that “some of this is just population effects because there are more people who hold crypto now.”
Are rates of physical violence against crypto users increasing?Jameson has been quietly maintaining a database of “wrench attacks” — violent attacks against crypto users to steal their crypto. It’s the closest thing we have to a ground truth of whether holding crypto has… — Haseeb >|< (@hosseeb)
Rezo, a Ledger user himself, the centralization risk inherent in crypto infrastructure, stating that “as long as crypto products depend on centralized infrastructure (payment processors, shipping, email), we’re exposed.”
He added that while “Ledger didn’t get hacked, their payment processor did,” the leaked name and contact information create “perfect phishing material.”
December 2025 saw crypto hack losses drop 60% month-over-month to $76 million according to PeckShield, down from November’s $194.2 million.
Despite the decline, major incidents continue occurring, including a $50 million address poisoning scam, a $27.3 million private key leak, and Trust Wallet’s Christmas Day exploit that drained $7 million through a compromised browser extension.
As it stands now, security experts have advised victims whose information was exposed to be very cautious of phishing emails and spam, possibly change their location for safety, and use temporary details and addresses for deliveries, etc.
