Multi-signature wallets also compromised? What the hacker's bizarre actions after stealing $27.3 million reveal

According to the latest news, a hacker successfully infiltrated and took control of a multi-signature wallet, stealing a total of $27.3 million in assets. This incident not only exposed the security risks of multi-signature wallets but also demonstrated the hacker’s clear intentions through subsequent fund operations. PeckShield’s monitoring data indicates that this is not a simple theft but a carefully planned transfer and money laundering activity.

Complete Attack Chain of the Hacker

Based on PeckShield’s monitoring, the hacker’s operations can be divided into several clear stages:

Step 1: Extract funds from a lending protocol

The hacker withdrew 1,000 ETH from Aave, currently valued at about $3.24 million. This timing is critical, suggesting the hacker may have had a position set up in Aave beforehand.

Step 2: Launder money through a mixer

As of now, the hacker has deposited a total of 6,300 ETH into Tornado Cash, worth approximately $19.4 million. This is a standard operation to hide the source of funds, indicating the hacker is aware of the risks of being tracked.

Step 3: Establish leverage positions

Most notably, the hacker currently holds a leveraged long position worth $9.75 million, specifically ETH worth $20.5 million against $10.7 million DAI. This move reveals key information.

What Might Be the Hacker’s True Intentions

From the logic of fund operations, the hacker does not seem to simply want to cash out and escape. Establishing a leveraged long position implies:

  • The hacker is optimistic about ETH’s short-term trend or has a specific trading plan
  • The funds might be used for market manipulation or arbitrage activities
  • The hacker could be waiting for a certain time window to execute large trades

It is worth noting that ETH has risen 2.12% in the past 24 hours and 8.56% over 7 days. The hacker’s leveraged long position is profitable under the current market conditions.

The Importance of On-Chain Monitoring

PeckShield’s ability to track these fund flows in real time shows that even with mixing through Tornado Cash, much of the on-chain footprint can still be monitored. This is significant for subsequent fund tracking and criminal investigation.

However, in reality, although the fund flow is clear, truly freezing or recovering these funds requires multi-chain cooperation and exchange collaboration. The hacker’s choice to establish leverage positions rather than directly withdraw might be a way to avoid such risks.

Summary

This $27.3 million multi-signature wallet theft highlights several important issues:

  • Even multi-signature wallets are vulnerable to intrusion, possibly involving internal personnel or compromise of multiple signers
  • The hacker’s professionalism is high, forming a complete chain from theft to laundering to fund utilization
  • On-chain security monitoring technology has matured in tracking criminal funds, but there are still gaps in execution
  • Abnormal large fund operations leave on-chain traces, making long-term concealment difficult

Future attention should be paid to when the hacker will utilize this leverage position and whether exchanges will take action based on risk alerts.
