A crypto holder lost more than $282 million worth of Bitcoin and Litecoin on January 10 after falling victim to a sophisticated hardware wallet scam — the largest single crypto theft of 2026 so far, according to blockchain investigator ZachXBT.
The attack surpassed the previous record for an individual social engineering scam, which stood at $243 million following a high-profile theft in August 2024.
Shortly after gaining control of the funds, the attacker began rapidly moving and converting the stolen crypto. Large portions were swapped into Monero (XMR) using multiple instant exchanges, triggering a sudden spike in XMR’s price. Other assets were routed through Thorchain, bridging Bitcoin into Ethereum, Ripple and Litecoin in an apparent effort to obscure the money trail across multiple blockchains.
A New Record for Social Engineering Scams
The scale of the theft eclipses the August 2024 Genesis-related hack, where attackers stole $243 million using a carefully planned social engineering scheme. In that case, scammers impersonated Google and Gemini support staff, convincing the victim to disable security protections and grant screen access through AnyDesk — ultimately exposing private keys stored in Bitcoin Core.
ZachXBT’s investigation into that earlier attack helped authorities track the perpetrators. Several suspects — known online as Greavys, Wiz and Box — were arrested in the U.S., while millions of dollars in assets were frozen. In total, twelve people were charged, with one suspect, Danny Zulfiqar Khan, later arrested in Dubai.
The latest $282 million loss underscores a troubling reality: even as awareness grows, social engineering attacks continue to evolve, often outpacing users’ defenses.
Scammers Are Getting Better — and Bolder
Social engineering has become the leading cause of crypto theft, with scammers increasingly posing as customer support staff from major exchanges and wallet providers.
In one recent case, Brooklyn resident Ronald Spektor was charged with stealing $16 million from around 100 Coinbase users by pretending to be a company employee and pressuring victims into making rushed decisions.
North Korean hackers have also returned to the spotlight with new tactics. According to MetaMask security researcher Taylor Monahan, these attackers often message victims using accounts with existing chat histories to appear trustworthy.
“They message everyone with prior conversation history,” Monahan said. “DPRK threat actors are still wrecking way too many of you via fake Zoom or fake Teams meetings.”
In these schemes, victims are directed to fake video calls that appear to feature familiar contacts. They’re then encouraged to install what looks like a software update — but is actually malware designed to steal passwords and private keys. North Korean-linked groups have already stolen more than $300 million using these methods.
Losses Continue Despite Improved Security
While overall crypto exploit losses fell 60% in December to $76 million, according to PeckShield, scams like address poisoning and private key leaks remain widespread.
In one case, a victim lost $50 million after copying a wallet address that closely resembled the intended recipient. Another breach involving a leaked multi-signature wallet key resulted in $27.3 million in losses.
Industry data shows crypto theft reached $3.4 billion between January and early December 2025. In the U.S. alone, crypto-related crimes cost victims a record $9.3 billion in 2024, with investment fraud accounting for $5.7 billion of that total. Victims over the age of 60 suffered the largest losses.
Security experts stress that no technical solution can fully eliminate social engineering risk.
“Assume every unsolicited message is a potential attack,” said Navin Gupta, CEO of blockchain analytics firm Crystal. “That mindset alone filters out about 80% of threats.”
Experts also urge users to double-check every character of wallet addresses, avoid SMS-based two-factor authentication in favor of hardware security keys, and never respond to unsolicited messages claiming account compromises.
Because crypto transactions are irreversible, once attackers gain access to private keys — or trick users into authorizing transfers — the funds are usually gone for good.
