MASSIVE $282M LOSS IN BITCOIN & LITECOIN AFTER HARDWARE WALLET SCAM
A crypto investor lost more than $282 million worth of Bitcoin and Litecoin on January 10 after falling victim to a hardware wallet social engineering scam, according to blockchain investigator ZachXBT. This theft is now the largest individual crypto hack of 2026, surpassing the previous record of $243 million stolen in August 2024.
Immediately after stealing the funds, the attacker began converting the stolen Bitcoin and Litecoin into Monero (XMR) using multiple instant exchanges. This rapid conversion caused Monero’s price to surge sharply.
To further hide the money trail, the hacker also bridged Bitcoin to Ethereum, Ripple, and Litecoin using Thorchain, spreading the stolen funds across different blockchain networks.
Crypto Social Engineering Scams Continue to Evolve: $282M Stolen in Latest Hack
A crypto investor recently lost $282 million in Bitcoin and Litecoin to a sophisticated hardware wallet social engineering scam on January 10. This latest theft marks the largest individual crypto hack of 2026, surpassing the previous $243 million record from August 2024.
Blockchain investigator ZachXBT said the attacker quickly converted the stolen funds into Monero (XMR) through multiple instant exchanges, then bridged Bitcoin to Ethereum, Ripple, and Litecoin via Thorchain to hide the trail.
Record-Breaking Theft Surpasses 2024 Genesis Incident
The January 10 scam eclipsed the August 2024 Genesis creditor theft, where hackers Greavys, Wiz, and Box stole $243 million via a social engineering operation.
In the 2024 case:
- Attackers impersonated Google and Gemini support representatives.
- The attackers tricked victims into resetting two-factor authentication and sharing screen access via AnyDesk.
- The hackers then accessed private keys stored on Bitcoin Core.
ZachXBT’s investigation into the August incident resulted in multiple arrests and the freezing of millions in crypto assets:
- Box and Greaves were arrested in Miami and Los Angeles.
- Wiz was apprehended by US Marshals.
- A total of 12 people were charged, including Danny Zulfiqar Khan in Dubai.
The scale of the recent $282 million loss highlights how social engineering continues to evolve despite increasing awareness and security measures in the crypto industry.
Bitcoin’s September 2025: Resilience Against the ‘Red September’ Curse
Persistent Threats Target Crypto Users Across Multiple Vectors
Social engineering remains the dominant threat vector in crypto theft, with scammers impersonating support representatives from major platforms.
Recent examples include
- Ronald Spektor allegedly stole $16 million from around 100 Coinbase users by pretending to be platform employees and using panic tactics.
- North Korean hackers have resurfaced with sophisticated tactics, targeting users via fake Zoom or Teams meetings.
MetaMask security researcher Taylor Monahan explained:
“DPRK threat actors are still rekt-ing too many users via their fake Zoom / fake Teams meetings. They message users using prior conversation history to gain trust.”
North Korean hackers have reportedly stolen over $300 million by using fake video conferencing links that deploy malware, exfiltrating passwords and private keys. Attackers often disguise malicious files as software updates, tricking victims into installing Remote Access Trojans (RATs).
Exploit Trends and Losses
Crypto exploit losses dropped 60% in December 2025; however, address poisoning scams and private key leaks still pose major threats.
Notable incidents include:
- A victim lost $50 million after copying a fraudulent address that visually mimicked the intended destination.
- A multi-signature wallet key leak resulted in $27.3 million in losses.
Kazakhstan’s debut of the Yuan stable-coin reflects China’s block-chain strategy
Industry-wide, crypto theft totaled $3.4 billion between January and December 2025. In 2024, Americans alone lost a record $9.3 billion to crypto-related crimes, with $5.7 billion stemming from investment fraud. Victims over 60 reported the largest individual losses, totaling $2.8 billion.
Expert Advice: Prevention Is Key
Security experts emphasize that technical solutions alone cannot stop social engineering attacks.
Best practices recommended include:
- Treating every unsolicited message as a potential scam.
- First, verify every character of the destination address before sending funds.
- Next, to improve security, avoid SMS-based two-factor authentication and instead use hardware security keys.
- Never respond to unsolicited messages claiming account compromises.
“That mental shift alone filters out 80% of threat vectors,” said Navin Gupta, CEO of blockchain analytics platform Crystal.
As crypto transactions are irreversible, victims rarely recover stolen funds once attackers gain access to private keys or deceive users into authorizing transfers.
