According to PeckShieldAlert, an Ethereum whale’s multisig was drained for about $27.3 million after a private key compromise, and the attacker has already funneled about $12.6 million, around 4,100 ETH, through Tornado Cash, while keeping about $2 million in liquid assets on hand.
Etherscan-linked traces shown in the screenshots point to address "0x1fCf1" repeatedly sending out 100 ETH chunks to Tornado Cash, the kind of pattern that looks less like one "panic move" and more like a planned laundering schedule, and the same set of screens also ties the drainer to control over the victim’s multisig.
That control matters because, per the Aave interface capture, the victim's multisig still sits on a leveraged ETH long: about $25 million in Ethereum supplied against about $12.3M DAI borrowed, with a health factor displayed around 1.68, meaning the wallet is alive, but not "sleep easy" alive, if ETH slides.
So, which tokens were involved?
The Etherscan wallet overview in the images shows 100.3184 ETH worth about $284,640 plus holdings around $1.37 million across 201 tokens, with the most visible major lines being 303.44 WETH, equal to around $860,973; 2,216.36 OKB for another $234,802); 4,928.74 LEO at $36,374) and 151,990.97 FET, which made $30,870 more.
The near-term risk is not just what was taken but what gets forced: if ETH drops hard enough to pressure that Aave health factor, liquidations can turn collateral into automatic selling, and the attacker does not need to "dump everything" to create this ugly selling wave.
Dan Burgin
Vladislav Sopov
U.Today Editorial Team