13.01.2026
2 min
380
In January 2026, one of the biggest crypto heists to occur in recent history took place not due to a software bug but due to deception. A scammer using an elaborate social engineering tactic convinced at least one person to give them access to a hardware wallet, resulting in the loss of approximately $282 million in crypto assets.
Almost immediately after the incident, blockchain researchers began tracking the flow of the stolen assets. According to CertiK, the attackers first transferred the stolen Bitcoin and Litecoin from the victim’s wallet to the decentralized exchange ThorSwap. From there, the attackers exchanged those assets for Ethereum (ETH) so as to make it harder to track where they went next. Afterward, the attackers continued to transfer the ETH through several other transactions until they eventually sent them to Tornado Cash, a common mixer for cryptocurrency that allows people to launder their cryptocurrency by obscuring its origin.
At this point, the trail of the stolen ETH became much more difficult to follow.
ZeroShadow reported that about $700,000 worth of the stolen ETH could have been frozen; however, that amount represented less than 1% of the total stolen value and Bitcoin VN alerted researchers to a series of suspiciously large transactions related to THORChain. Nevertheless, by the time that the researcher alerted authorities, the majority of the stolen ETH had already been converted into different types of cryptocurrency and were ready to be laundered.
ZachXBT, a blockchain investigator, was the first to report the incident on the public blockchain. He stated that the thief had manipulated the victim into doing something that would grant the attacker complete control over the victim’s hardware wallet.
As soon as the attacker gained control of the hardware wallet, they rapidly moved the cryptocurrencies stored in the wallet. They transferred the Bitcoin and Litecoin to Monero instantly, using instant exchange services, and used THORChain to bridge the Monero across multiple blockchains. As a result, Monero’s price spiked nearly 70% in just a matter of days.
Researcher noted that the attack does not appear to be affiliated with North Korea’s hacking group who have been involved in many of the high-profile crypto hacks.
This event serves as another example of how vulnerable crypto users can be to social engineering attacks and how hardware wallets will not protect a user if they are manipulated into providing an attacker with access to the hardware wallet. Phishing sites, fake support messages, and emotional manipulation remain among the most successful tactics employed by hackers in order to obtain access to a user’s hardware wallet. In 2026, the human element remains the weakest link in protecting users’ cryptocurrency.
