A single scam call has resulted in a staggering $282 million loss, demonstrating that even hardware wallets can fail if users inadvertently share their recovery phrases. The hacker acted swiftly, utilizing Monero and cross-chain bridges to move the funds, thereby circumventing traditional exchanges and tracking tools.
This incident reignites concerns surrounding crypto security, the prevalence of scams, and the potential for decentralized systems to be exploited by malicious actors.
Massive Loss Through Social Engineering
A cryptocurrency user lost over $282 million in Bitcoin and Litecoin after becoming a victim of one of the largest social engineering attacks on record. On the evening of January 10, 2026, the victim was manipulated into revealing their recovery phrase for a hardware wallet, effectively surrendering direct access to their digital assets.
Blockchain investigator ZachXBT later confirmed that once the attacker possessed this critical information, they immediately gained complete control of the wallet and proceeded to transfer the funds across various networks with extreme speed. Within moments, approximately 2.05 million Litecoin, valued at around $153 million, and 1,459 Bitcoin, worth approximately $139 million, were irreversibly moved.
Monero Conversion and Cross-Chain Bridging
The perpetrator wasted no time in converting portions of the stolen assets into Monero, which saw a rapid increase in its price. Simultaneously, a significant amount of Bitcoin was bridged to other blockchains, including Ethereum, Ripple, and Litecoin, using the THORChain protocol. Cross-chain bridging allowed the thief to move the value without touching any centralized exchange, intensifying scrutiny of how decentralized infrastructure can be abused.
Real-Time Monitoring and Freeze Efforts
The security firm ZeroShadow reported on LinkedIn that their team was able to trace and flag portions of the stolen funds in real time. Within approximately 20 minutes of the theft, they managed to freeze around $700,000 before it could be fully converted into privacy-focused cryptocurrencies.
ZeroShadow identified the victim's wallet as a Bitcoin address associated with an individual who was deceived by someone impersonating Trezor "Value Wallet" support. ZachXBT later dismissed speculation regarding state-sponsored involvement, clarifying that "It’s not North Korea."
Implications for Hardware Wallets and Blockchain Analytics
This sophisticated attack raises significant questions about the reliability of hardware wallets in practice. These devices, long considered the benchmark for secure cryptocurrency storage, cannot protect funds once the recovery phrase has been disclosed, as happened here, and they remain potentially vulnerable if their integrity is compromised during manufacturing or distribution.
Furthermore, the incident places considerable strain on the security standards and risk assessment models employed by regulators, insurance providers, and cryptocurrency custodians. The use of privacy coins like Monero and of mixing services also presents substantial challenges for cryptocurrency analytics firms attempting to trace illicit financial flows.

