Over $282M Stolen in Bitcoin and Litecoin via Social Engineering Attack

A cryptocurrency investor has lost more than $282 million in Bitcoin and Litecoin after attackers manipulated the victim into approving fraudulent transactions.

Notably, the incident, which occurred on January 10, 2026, at approximately 11:00 PM UTC, ranks among the largest personal crypto thefts ever documented. It underscores how social engineering continues to bypass even sophisticated self-custody protections, including hardware wallets.

• Over $282 million stolen in Bitcoin and Litecoin from one investor.
• Attack method: Social engineering with user-approved transactions
• 928.7 BTC swapped via THORChain into ETH, XRP, and LTC
• Monero price rose approximately 70% within four days after conversions
• Three wallets identified receiving 1,459 BTC and 2.05 million LTC

Blockchain investigator ZackXBT reported that the victim held funds in a hardware wallet at the time of the attack. However, the wallet’s security features did not prevent the loss. The attackers relied on psychological manipulation rather than technical exploits.

Through deception, the victim was persuaded to approve transactions that appeared legitimate. Once confirmed, the transfers allowed the attackers to drain the wallet directly. Importantly, no software vulnerability or hardware flaw was identified during the investigation.

Immediately after gaining control of the assets, the attackers moved quickly to obscure their trail. Specifically, significant amounts of Bitcoin and Litecoin were exchanged for Monero through instant swap services, a common tactic because of Monero’s strong privacy features.

This activity had immediate market effects. Since Monero has lower liquidity than Bitcoin, the sudden inflow drove its price up by roughly 70% over the following four days, according to ZackXBT.

In parallel, the attackers leveraged THORChain, a decentralized cross-chain protocol, to move Bitcoin across multiple networks. ZackXBT traced transactions that bridged Bitcoin into the Ethereum, Ripple, and Litecoin ecosystems.

Because THORChain operates without identity verification, investigators say it is increasingly attractive for laundering illicit funds. Consequently, this cross-chain activity significantly complicated efforts to trace the stolen assets.

ZackXBT identified several major swaps, including the conversion of 928.7 BTC, worth about $78 million, into 19,631 ETH, 3.15 million XRP, and 77,285 LTC.

ZackXBT linked the stolen assets to three main wallet addresses: two Bitcoin wallets and one Litecoin wallet. Collectively, these addresses received 1,459 BTC and 2.05 million LTC.

As of this writing, a substantial portion of the Bitcoin remains in a wallet believed to be under the attackers’ control. The lack of recent movement suggests a calculated pause, leading investigators to speculate that the perpetrators may be waiting for public scrutiny to diminish before resuming activity.

The incident surpasses a high-profile social engineering theft from August 2024 involving a Genesis creditor, in which $243 million was stolen.

In that case, attackers impersonated support personnel, gained remote access, and ultimately extracted private keys. ZackXBT’s investigation contributed to arrests, asset freezes, and multiple criminal charges.

While both cases relied on manipulation rather than exploits, the latest theft reflects a more sophisticated laundering strategy. Specifically, the extensive use of cross-chain swaps and privacy-focused assets marks a notable escalation in these practices.

The case highlights a persistent vulnerability in cryptocurrency security: human trust. Indeed, even the strongest self-custody tools can be undermined when users are deceived into approving malicious transactions.

As ZackXBT’s findings demonstrate, once stolen assets are routed through Monero and cross-chain protocols, recovery becomes exceedingly difficult. Overall, the incident illustrates how crypto crime continues to evolve, adapting to increased user awareness and stronger technical defenses.