Attacker takes over multisig minutes after creation, drains up to $40M slowly
A crypto attacker took control of a multisig wallet just minutes after its creation 44 days ago, ultimately draining up to an estimated $40 million. Blockchain analysis reveals the wallet was created by the victim on November 4th, but ownership was transferred to the attacker only six minutes later. The attacker then patiently drained and laundered the funds in stages, using Tornado Cash over several weeks. Security experts note the wallet was configured as a "1-of-1" multisig, requiring only one signature, which defeats its purpose. Possible attack vectors include malware, phishing, or poor security practices like storing keys in plaintext. The incident highlights growing security concerns, especially as new research shows AI models are already capable of autonomously finding and exploiting smart contract vulnerabilities.
cointelegraph12/18 13:14