Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
A cryptocurrency holder suffered a loss exceeding $282 million in Bitcoin and Litecoin on January 10, described by blockchain investigator ZachXBT as a social engineering scam targeting hardware wallets, marking the largest individual crypto theft of 2026 to date.
This event actually surpassed the previous significant social engineering hack record of $243 million, established in August 2024.
The perpetrator promptly began converting the stolen assets into Monero via various instant exchanges, leading to a sharp increase in XMR’s price.
Bitcoin was also transferred to Ethereum, Ripple, and Litecoin through Thorchain as the offender sought to conceal the trail of the funds across several blockchain networks.
On January 10, 2026, around 11 pm UTC, a victim lost over $282M worth of LTC & BTC due to a hardware wallet social engineering scam.
The attacker started converting the stolen LTC & BTC to Monero via multiple instant exchanges, resulting in a significant rise in XMR’s price.
BTC was also…— ZachXBT (@zachxbt) January 16, 2026
Record-Breaking Theft Surpasses Previous Social Engineering Incident
This occurrence surpasses the August 2024 incident involving theft from Genesis creditors, where the threat actors Greavys, Wiz, and Box stole $243 million through a complex social engineering scheme.
The attack entailed spoofed calls from representatives of Google and Gemini support, who persuaded the victim to reset their two-factor authentication and grant screen access via AnyDesk, ultimately exposing private keys from Bitcoin Core.
ZachXBT’s investigation into the August incident resulted in several arrests and the freezing of millions in assets.
Box and Greavys were apprehended in Miami and Los Angeles, while Wiz was later captured by US Marshals.
A total of twelve individuals were charged in relation to the $243 million theft, with a subsequent indictment confirming the arrest of Danny Zulfiqar Khan in Dubai.
The magnitude of the recent $282 million loss illustrates how social engineering tactics are continually evolving to exploit victims despite heightened awareness and security measures within the crypto sector.
1/ An inquiry into how Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) stole $243M from a single person last month in a highly sophisticated social engineering attack and my efforts which have led to multiple arrests and millions frozen. pic.twitter.com/dcY1e9xsPd
— ZachXBT (@zachxbt) September 19, 2024
Ongoing Threats Target Crypto Users Across Various Channels
Social engineering attacks have emerged as the primary threat vector in cryptocurrency theft, with scammers increasingly mimicking customer support representatives from prominent platforms.
Related Posts
Recently, Brooklyn resident Ronald Spektor was charged with allegedly stealing $16 million from approximately 100 Coinbase users by impersonating company employees and employing panic strategies to compel swift decisions.
The notorious North Korean hacker has also reemerged with new social engineering techniques.
“They message everyone with previous conversation history,” explained MetaMask security researcher Taylor Monahan, referring to North Korean hackers utilizing fake Zoom tactics.
“DPRK threat actors are still causing significant harm to many of you via their fake Zoom / fake Teams meetings.”
North Korean cybercriminals have stolen over $300 million using fraudulent video conferencing tactics that install malware to extract passwords and private keys.
Attackers direct victims to Zoom links that lead to recorded videos of known contacts, then send harmful “patch” files disguised as software updates that deploy Remote Access Trojans.
Despite a general 60% decrease in December’s exploit losses to $76 million, according to PeckShield, address poisoning scams and private key leaks remain substantial threats.
One victim in December lost $50 million after mistakenly copying a fraudulent address that visually resembled their intended target, while another breach involving a multi-signature wallet key leak resulted in $27.3 million in losses.
Industry statistics indicate that crypto theft totaled $3.4 billion between January and early December 2025, with Americans suffering a record $9.3 billion in crypto-related crimes in 2024.
Investment fraud accounted for $5.7 billion in losses, with victims over 60 reporting the highest individual losses at $2.8 billion.
Security experts continue to stress that technical solutions alone cannot avert social engineering attacks.
How are scammers stealing billions in crypto? We sat down with @CrystalPlatform CEO Navin Gupta as he breaks down the psychology, AI-powered tactics, and the #1 mindset shift that could prevent most fraud.#CryptoScam #Deepfakehttps://t.co/9WQQvGSuED
— Cryptonews.com (@cryptonews) June 24, 2025
“Assume every unsolicited message is a potential attack,” stated Navin Gupta, CEO of blockchain analytics platform Crystal, in an interview with Cryptonews. “That mental shift alone filters out 80% of threat vectors.”
Experts suggest verifying every character of destination addresses before sending funds, avoiding SMS-based two-factor authentication in favor of hardware security keys, and never responding to unsolicited messages indicating account breaches.
The irreversible nature of crypto transactions means that victims typically cannot retrieve stolen funds once attackers gain access to private keys or deceive users into authorizing transfers.
The post Victim Loses $282M in Bitcoin and Litecoin to Hardware Wallet Scam appeared first on Cryptonews.
