A victim lost more than $282 million in Bitcoin (BTC) and Litecoin (LTC) in a case described as a social engineering scam targeting hardware wallets by blockchain investigator ZachXBT. This is considered one of the largest individual victim cases publicly disclosed as of 2026.

The attacker immediately converted the stolen funds into Monero through several instant exchanges and began laundering, a process that coincided with a surge in XMR prices, according to ZachXBT.

ZachXBT also mentioned that some of the stolen Bitcoin was bridged across networks via THORChain to obfuscate traces.

How hardware wallets get hacked

Hardware wallets are designed to protect private keys, but increasingly, scams are targeting people rather than directly attacking the devices.

In social engineering cases, attackers generally impersonate trustworthy individuals or institutions, apply time pressure on the victim, and trick them into approving malicious transactions or handing over sensitive information.

The commonality is that the victims themselves 'approve' the breach. Issues arise because they sign transactions they do not understand or follow instructions from convincing impersonators, making prevention a matter of both security and education/user experience (UX).

Why do Monero and cross-chain rails repeatedly appear?

Privacy-centric assets and cross-chain paths are repeatedly used as a means of money laundering after theft. Even if the initial theft process is revealed on-chain, it can make subsequent tracking difficult.

In this case as well, the attacker converted BTC and LTC into Monero through instant exchanges and bridged some funds to other chains.

Investigative agencies and compliance teams often monitor patterns that aim to disrupt the continuity of traces, such as rapid asset exchanges, 'jumps' between multiple exchanges/services, and consecutive cross-chain movements.

Also Read: Here's How Iran Uses Bitcoin To Evade Sanctions And Finance Regional Proxies

Major cryptocurrency theft and hacking cases

Bybit hack (February 2025): Bybit revealed that approximately $1.5 billion worth of cryptocurrency was stolen from its Ethereum wallet, and the FBI later identified a North Korean cyber organization as being behind the incident.

Nobitex attack (June 2025): An attack on the Iranian exchange Nobitex resulted in the theft of assets worth approximately $90 million, with blockchain analysts explaining that there were political motivations involved.

DMM Bitcoin theft (May 2024): Japan's DMM Bitcoin reported losing 4,502.9 BTC, equivalent to approximately $308 million at the time, resulting in intensive scrutiny from regulators.

Orbit Chain exploit (January 2024): The Orbit Chain cross-chain bridge was attacked in an exploit worth $81 million, revealing that bridge risks remain significant.

Radiant Capital breach (October 2024): Security analysis revealed that the core issue was that signers were tricked into approving malicious transactions, marking it as another case of 'human layer' breach.

Hacking trends (2024–2025): Chainalysis reported that $2.2 billion was stolen in 2024, and subsequent reports highlighted that the focus of attackers is shifting towards centralized services and individual targets along with mega hacking incidents.

Read Next: BlackRock CEO Larry Fink Warns U.S. Is 'Too Preoccupied' With Monetary Policy As Political Pressure Mounts On Fed