**Attacker Takes Over Multisig Wallet Minutes After Creation, Drains Up to $40M Slowly**

A shocking case of crypto theft has come to light, where an attacker managed to take control of a high-value multisignature wallet just minutes after its creation. The wallet's owner, believed to be a "whale" with significant cryptocurrency holdings, had their funds drained at a leisurely pace over several weeks.

**The Theft: A Detailed Timeline**

According to forensic analysis by Yehor Rudytsia, head of forensic at Hacken Extractor, the multisig wallet was created on November 4th at 7:46 am UTC by the victim's account. However, ownership was transferred to the attacker just six minutes later. This suggests that the thief may have created the multisig and manipulated it to appear as if the victim controlled it.

"The very likely scenario is that the theft actor created this multisig and transferred funds there, then promptly swapped the owner to be himself," Rudytsia told Cointelegraph.

**A Patient Thief: How the Attacker Operated**

Once in control of the wallet, the attacker proceeded with caution. They made Tornado Cash deposits in batches over several weeks, starting with 1,000 ETH on November 4th and continuing through mid-December in smaller, staggered transactions. The theft has left around $25 million in assets still controlled by the attacker.

Rudytsia's analysis also revealed that the multisig wallet was configured as a "1-of-1," meaning only a single signature was required to approve transactions. This raises concerns about the wallet structure and its potential vulnerabilities.

**Possible Attack Vectors: What Can Be Learned**

Abdelfattah Ibrahim, a decentralized application (DApp) auditor at Hacken, identified several possible attack vectors that could have been used in this case:

* Malware or infostealers on the signer's device
* Phishing attacks that trick users into approving malicious transactions
* Poor operational security practices such as storing keys in plaintext or using the same machine for multiple signers

Ibrahim emphasized the importance of preventing such attacks by isolating signing devices as cold devices and verifying transactions beyond the UI.
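One way to verify a multisig's configuration beyond the UI before funding it is to replay its owner-management events and flag the pattern described above. This is an added example, not code from the article or from Hacken; the event format, addresses and dates are constructed, and the one-hour window and minimum threshold of 2 are assumptions.

```python
from datetime import datetime, timedelta

# Constructed event log for a hypothetical multisig. Field names and event kinds
# are assumptions for this example; only the six-minute gap mirrors the article.
EVENTS = [
    {"time": "2000-01-01T07:46:00", "kind": "created",
     "owners": ["0xVICTIM"], "threshold": 1},
    {"time": "2000-01-01T07:52:00", "kind": "owner_swapped",
     "old": "0xVICTIM", "new": "0xOTHER"},
]

def audit_multisig(events, expected_owners, min_threshold=2,
                   settle=timedelta(hours=1)):
    """Replay owner events; return (owners, threshold, findings)."""
    owners, threshold, created, findings = set(), 0, None, []
    for ev in sorted(events, key=lambda e: e["time"]):
        when, kind = datetime.fromisoformat(ev["time"]), ev["kind"]
        if kind == "created":
            owners, threshold, created = set(ev["owners"]), ev["threshold"], when
            continue
        if created is None:
            raise ValueError("owner event before creation")
        if kind == "owner_swapped":
            owners.discard(ev["old"])
            owners.add(ev["new"])
        elif kind == "owner_added":
            owners.add(ev["owner"])
        elif kind == "owner_removed":
            owners.discard(ev["owner"])
        elif kind == "threshold_changed":
            threshold = ev["threshold"]
        else:
            raise ValueError(f"unknown event kind: {kind}")
        # Any owner or threshold change shortly after creation is suspicious.
        if when - created <= settle:
            minutes = int((when - created).total_seconds() // 60)
            findings.append(f"{kind} {minutes} min after creation")
    if owners != set(expected_owners):
        findings.append("owner set differs from expected signers")
    if threshold < min_threshold:
        findings.append(
            f"threshold {threshold}-of-{len(owners)} is below required {min_threshold}")
    return owners, threshold, findings

if __name__ == "__main__":
    for finding in audit_multisig(EVENTS, ["0xVICTIM"])[2]:
        print("FINDING:", finding)
```

In practice the event list would be built from the wallet contract's on-chain logs rather than from what a wallet front end displays.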

**The Future of Smart Contract Exploits: AI Models Capable of Autonomous Exploitation**

In a related development, researchers from Anthropic and the Machine Learning Alignment & Theory Scholars (MATS) group found that today's leading AI models are capable of developing real, profitable smart contract exploits. Their tests demonstrated that autonomous exploitation is technically feasible using commercially available models.

This raises concerns about the potential for future attacks on decentralized applications (dApps) and highlights the need for more robust security measures to prevent such incidents.

**The Incident Raises Questions About Wallet Security and Operational Practices**

The theft of a high-value multisig wallet just minutes after its creation serves as a stark reminder of the importance of secure operational practices. It also raises questions about the effectiveness of current security measures in preventing such attacks.

As the crypto space continues to evolve, it is crucial that wallet owners and operators prioritize robust security measures to prevent similar incidents from occurring in the future.

**Sources:**

* PeckShield: [X post](link)
* Cointelegraph: [Article on AI models capable of smart contract exploits](link)
