A single victim lost over 282 million dollars in Bitcoin (BTC) and Litecoin (LTC) in what blockchain investigator ZachXBT described as a social engineering scam related to a hardware wallet, one of the largest individual thefts revealed to date in 2026.
The attacker quickly began to launder the proceeds of the theft by converting the stolen assets into Monero through several instant exchange platforms, an activity that ZachXBT noted coincided with a sharp rise in XMR.
ZachXBT also stated that part of the Bitcoin had been moved across networks via THORChain as the thief attempted to fragment the trail.
How a hardware wallet theft occurs
Hardware wallets are designed to protect private keys, but scams are increasingly focusing on the person rather than the device.
In cases of social engineering, attackers typically impersonate trusted parties, pressure victims to act urgently, and deceive them into approving malicious transactions or disclosing sensitive information.
The common point is that the victim enables the compromise themselves, sometimes by signing a transaction they do not fully understand, sometimes by following the instructions of a convincing imposter. That makes prevention as much a matter of education and ergonomics as of security in the strict sense.
Why Monero and inter-chain routes keep coming back
Privacy-focused assets and inter-chain paths are recurring tools in post-theft laundering, as they can make tracing more difficult, even when the initial theft is visible on-chain.
In this case, the attacker converted BTC and LTC into Monero via instant exchanges and also routed funds between different blockchains.
Investigators and compliance teams often monitor patterns such as rapid exchanges, jumps between platforms, and inter-chain transfers aimed at breaking the continuity of the trace.
Major Crypto Thefts and Hacks
Bybit Hack (February 2025): Bybit reported that approximately 1.5 billion dollars in crypto had been stolen from an ether wallet; the FBI later attributed the incident to North Korean cyber actors.
Nobitex Attack (June 2025): an attack against Nobitex in Iran resulted in the theft of approximately 90 million dollars, which blockchain analysts described as politically motivated.
Bitcoin Theft at DMM (May 2024): the Japanese platform DMM Bitcoin reported the loss of 4,502.9 Bitcoin, worth approximately 308 million dollars at the time, triggering regulatory scrutiny.
Orbit Chain Exploit (January 2024): the Orbit Chain inter-chain bridge suffered an 81 million dollar exploit, highlighting the ongoing risk associated with bridges.
Compromise of Radiant Capital (October 2024): a security analysis described an attack relying on deceiving signers to get them to approve malicious transactions, another example of compromise at the 'human level'.
Hacking Trends (2024–2025): Chainalysis reported 2.2 billion dollars stolen in 2024, then highlighted the role of mega-hacks and the shift of attackers' focus towards centralized services and individual targets.



