A crypto holder has lost more than $282 million in Bitcoin and Litecoin after being tricked into handing over their wallet seed phrase to an attacker posing as Trezor support, marking one of the largest social engineering thefts the industry has seen.
A single mistake, total wallet access
The theft took place late on Jan. 10, 2026, when the victim was deceived into revealing the recovery phrase for a hardware wallet. Blockchain investigator ZachXBT said the attacker immediately gained full control and began draining the funds within minutes.
On-chain data shows the wallet held roughly 1,459 Bitcoin, worth about $139 million, alongside 2.05 million Litecoin valued near $153 million at the time. Once compromised, the assets were quickly scattered across networks in an effort to complicate tracking.
Laundering via cross-chain tools and privacy coins
Soon after the funds were moved, large portions were routed through THORChain, allowing the attacker to bridge value across Bitcoin, Ethereum, XRP, and Litecoin without using centralized exchanges. The maneuver renewed criticism of how decentralized cross-chain systems can be exploited during high-profile thefts.
At the same time, the attacker began swapping assets into Monero using instant exchange services. The rush of conversions briefly pushed XMR’s price higher, a familiar pattern when stolen funds are funneled into privacy-focused coins to obscure transaction histories.
Some funds stopped, but most are gone
Security firm ZeroShadow said blockchain monitoring teams flagged the suspicious activity in real time. Within about 20 minutes, roughly $700,000 worth of assets were frozen before they could be fully converted.
ZeroShadow later identified the wallet as belonging to an individual who had been misled by someone impersonating Trezor “Value Wallet” support. ZachXBT dismissed speculation that the theft was tied to a state-backed hacking group, stating plainly that it was not linked to North Korea.