A single cryptocurrency holder lost more than $282 million in Bitcoin and Litecoin on January 10, 2026, after falling victim to a highly sophisticated social engineering attack. The incident now stands as the largest individual crypto theft recorded so far this year, surpassing the previous record of $243 million set in August 2024. The victim was a high-value “whale” investor using a hardware wallet, a setup widely regarded as the most secure form of self-custody. Despite the hardware protections, attackers were able to bypass security through deception rather than technical exploitation.
How the Attack Unfolded
According to details shared publicly, the breach did not involve flaws in the hardware wallet’s software or cryptographic design. Instead, the attackers relied on impersonation and psychological manipulation, convincing the victim to manually approve fraudulent transactions. Once access was granted, the attacker drained approximately 1,459 BTC and 2.05 million LTC. Because hardware wallets require explicit user approval for every transfer, the theft hinged entirely on human error rather than a system failure.
Laundering Activity Triggers Market Shock
Following the theft, the perpetrator moved quickly to obscure the trail of the stolen assets. Large portions of the BTC and LTC were converted into Monero (XMR) through instant exchange services, a move that coincided with a sharp price reaction. Over the four days after the attack, XMR surged by roughly 70%, driven by the sudden influx of conversion volume. Additional funds were routed across multiple blockchains using the decentralized protocol THORChain. Transactions were observed bridging assets through networks including Ethereum, Ripple, and Litecoin, complicating tracking efforts and fragmenting the stolen balance. The incident was first reported by blockchain investigator ZachXBT, who noted that there were no current indications linking the attack to North Korean hacking groups, which are often associated with large-scale crypto thefts.
A Reminder About Human Risk in Self-Custody
Security specialists stressed that the case highlights a persistent vulnerability in crypto self-custody: user approval. Even with cold storage, hardware wallets depend on the owner to verify and sign transactions, leaving room for manipulation if attackers succeed in creating urgency or false authority. Experts recommend strict verification practices to reduce exposure to similar attacks. Users are advised to ignore unsolicited support messages or urgent requests, carefully review transaction details on their hardware wallet screens before signing, and avoid clicking links claiming an account has been compromised. The scale of the theft underscores how social engineering, rather than code exploits, continues to be one of the most effective attack vectors in the crypto ecosystem.

