A single scam call led to a $282M loss, proving even hardware wallets fail if users share recovery phrases.
The hacker moved funds fast using Monero and cross-chain bridges, avoiding exchanges and tracking tools.
The case raises fresh fears about crypto security, scams, and how decentralized systems can be abused.
A crypto user lost over $282 million in Bitcoin and Litecoin after falling victim to one of the largest social engineering attacks recorded. Late on January 10, 2026, the victim was tricked into sharing their recovery phrase for a hardware wallet — essentially handing over the keys to their funds.
Blockchain investigator ZachXBT later confirmed that once the attacker had this information, they took full control of the wallet and moved the money almost immediately across different networks. In just moments, about 2.05 million Litecoin worth roughly $153 million and 1,459 Bitcoin valued at around $139 million were gone.
The attacker immediately started converting parts of the stolen assets into Monero, and the price of XMR rose quickly as a result. A large amount of Bitcoin was also bridged to Ethereum, Ripple, and Litecoin via THORChain. This cross-chain bridging let the thief move the value without using any centralized exchanges. The incident has once again raised questions about how decentralized infrastructure can be abused.
Security firm ZeroShadow revealed on LinkedIn that it traced and flagged parts of the stolen funds in real time. Within roughly 20 minutes, it reportedly froze around $700,000 before that amount was fully converted into privacy-focused assets.
ZeroShadow identified the victim as a Bitcoin address linked to an individual deceived by someone impersonating Trezor “Value Wallet” support. ZachXBT dismissed speculation of state-sponsored involvement, stating, “It’s not North Korea.”
This attack raises questions about the reliability of hardware wallets. Traditionally viewed as the gold standard for secure crypto storage, these devices now show vulnerabilities if compromised during manufacturing or distribution.
In addition, the event puts a strain on the security standards and risk models of regulators, insurers, and cryptocurrency custodians. Moreover, when funds pass through Monero or mixers, cryptocurrency analytics companies face challenges in tracing the money.