A single victim lost more than $282 million worth of Bitcoin (BTC) and Litecoin (LTC) in what blockchain investigator ZachXBT described as a hardware-wallet social engineering scam, one of the largest individual thefts disclosed so far in 2026.
The attacker quickly began laundering the proceeds by converting the stolen assets into Monero through multiple instant exchanges, activity that ZachXBT said coincided with a sharp move higher in XMR.
ZachXBT also said some Bitcoin was bridged across networks via THORChain as the thief attempted to fragment the trail.
How A Hardware Wallet Theft Happens
Hardware wallets are designed to protect private keys, but scams increasingly focus on the person, not the device.
In social engineering cases, attackers typically impersonate trusted parties, pressure victims into taking urgent action, and trick them into approving malicious transactions or revealing sensitive information.
The common thread is that the victim authorizes the compromise, sometimes by signing a transaction they do not fully understand, sometimes by following instructions from a convincing impersonator, making prevention as much an education and UX problem as it is a security one.
Why Monero And Cross-Chain Rails Keep Showing Up
Privacy-focused assets and cross-chain pathways are recurring tools in post-theft laundering because they can make tracing harder, even when the initial theft is visible on-chain.
In this case, the attacker converted BTC and LTC into Monero via instant exchanges and also bridged funds across chains.
Investigators and compliance teams often watch for patterns like rapid swapping, hopping across venues, and cross-chain transfers that aim to break the continuity of a trail.
Also Read: Here's How Iran Uses Bitcoin To Evade Sanctions And Finance Regional Proxies
Major Crypto Thefts And Hacks
Bybit hack (February 2025): Bybit said around $1.5 billion in crypto was stolen from an ether wallet; the FBI later attributed the incident to North Korean cyber actors.
Nobitex attack (June 2025): An attack on Iran’s Nobitex caused a theft of about $90 million, which blockchain analysts described as politically motivated.
DMM Bitcoin theft (May 2024): Japan’s DMM Bitcoin reported the loss of 4,502.9 Bitcoin worth about $308 million at the time, prompting regulatory scrutiny.
Orbit Chain exploit (January 2024): The Orbit Chain cross-chain bridge suffered an $81 million exploit, underscoring ongoing bridge risk.
Radiant Capital compromise (October 2024): Security analysis described an attack rooted in deceiving signers into approving malicious transactions, another example of “people-layer” compromise.
Hacks trendline (2024–2025): Chainalysis reported $2.2 billion stolen in 2024, while Chainalysis later pointed to mega-hacks and shifting attacker focus toward centralized services and personal targets.