$330M Bitcoin social engineering theft victim is elderly US citizen

30 April 2025

An elderly US individual is reportedly the victim of a devastating $330 million Bitcoin heist, now ranked as the fifth-largest crypto hack in history.

The attacker used advanced social engineering tactics to gain access to the victim’s wallet, onchain investigator ZachXBT said in an April 30 update on X.

The hack took place on April 28, 2025, when ZachXBT flagged a suspicious transfer involving 3,520 Bitcoin (BTC), valued at $330.7 million.

Following the transfer, the stolen stash was quickly laundered through over six instant exchanges and swapped into privacy-focused cryptocurrency Monero (XMR).

Onchain data shows that the victim had held over 3,000 BTC since 2017, with no prior history of large-scale transactions.

ZachXBT confirming the victim of the hack. Source: ZachXBT

Once stolen, the attacker wasted no time laundering the Bitcoin using a peel chain method — a common obfuscation technique in which large sums are broken into smaller, harder-to-trace chunks.

“$330M in BTC was received in two transactions, then immediately distributed via peel chains,” Yehor Rudytsia, onchain researcher at Hacken, explained to Cointelegraph.

“Funds started to flow into multiple instant exchanges / mixers with small amounts, then mixers were distributing funds across multiple new wallets. The biggest funnelling chain now consists of 40+ wallets.”
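
The peel-chain pattern described above can be followed mechanically when tracing funds. The sketch below is an added example, not code from the article or from Hacken's Extractor: the transaction graph is constructed, and the two-output rule and the 20% peel threshold are assumed heuristics.

```python
from collections import Counter, namedtuple

Output = namedtuple("Output", "address value spent_by")  # value in satoshis
Hop = namedtuple("Hop", "txid peel_address peel_value remaining")

# Constructed sample graph (not real chain data): txid -> outputs.
# spent_by is the txid that later spends the output, or None if unspent/unknown.
SAMPLE_TXS = {
    "tx0": [Output("svc_A", 5_000, None), Output("hop1", 95_000, "tx1")],
    "tx1": [Output("hop2", 87_800, "tx2"), Output("svc_B", 7_000, None)],
    "tx2": [Output("svc_A", 6_000, None), Output("hop3", 81_600, "tx3")],
    "tx3": [Output("w1", 30_000, None), Output("w2", 30_000, None),
            Output("w3", 21_400, None)],  # fan-out: the peel pattern ends here
}

def follow_peel_chain(txs, start, max_peel_share=0.2):
    """Follow hops that look like a peel: exactly two outputs, a small one
    (the peel) and a large remainder that the next transaction spends.
    Returns (hops, txid where the pattern stopped, or None if the trail ends)."""
    hops, seen, txid = [], set(), start
    while txid in txs and txid not in seen:  # 'seen' guards against loops
        seen.add(txid)
        outs = txs[txid]
        if len(outs) != 2:
            break  # fan-out or consolidation, not a peel
        peel, rest = sorted(outs, key=lambda o: o.value)
        if peel.value > max_peel_share * (peel.value + rest.value):
            break  # roughly even split, not a peel
        hops.append(Hop(txid, peel.address, peel.value, rest.value))
        txid = rest.spent_by  # continue along the remainder
    return hops, txid

def peeled_by_destination(hops):
    """Total peeled amount per receiving address: the services to contact."""
    totals = Counter()
    for hop in hops:
        totals[hop.peel_address] += hop.peel_value
    return dict(totals)

if __name__ == "__main__":
    hops, stopped_at = follow_peel_chain(SAMPLE_TXS, "tx0")
    for hop in hops:
        print(hop)
    print("pattern ends at:", stopped_at)
    print("peeled per destination:", peeled_by_destination(hops))
```

Aggregating the peeled outputs by destination shows why a chain of many small transfers can still be reduced to a short list of receiving services.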

Over 300 wallets and 20 exchanges were involved

Hacken’s internal tool, Extractor, tracked $284 million worth of BTC funneled through these chains, which now amounts to around $60 million after repeated “peeling” and redistribution across low-credibility exchanges.

Rudytsia said over 300 hacker wallets and 20+ exchanges or payment services were involved, including Binance.

Cointelegraph has reached out to Binance for comment.

“Major problem in cases like this (similar to Genesis creditor’s 4064 BTC theft back in Aug 2024) is that freezing centralized exchange accounts used in the laundering process is hardened due to particularly slow legal process of police reporting and investigations,” Rudytsia added.

Adding to the complexity, the attacker rapidly converted a significant portion of the BTC into XMR. The move triggered a 50% surge in Monero’s price, with the token briefly reaching $339.

“Once funds are swapped into Monero, tracing becomes virtually impossible due to its privacy-preserving architecture. The chance of recovery drops significantly after this step,” Cyvers Alerts senior security operations lead Hakan Unal said.

Unal said that the attacker likely had pre-established accounts across multiple exchanges and OTC desks, suggesting a high degree of premeditation.

A small portion of the stolen BTC was also bridged to Ethereum and deposited into various platforms, further complicating tracking efforts. Investigators have since alerted exchanges for potential freezing of funds.

No familiar laundering tactics

ZachXBT had previously dismissed the theory that North Korea’s Lazarus Group could have been behind the attack, suggesting independent hackers were responsible.

ZachXBT dismissing North Korea theory. Source: ZachXBT

While attribution remains uncertain, experts agree the laundering tactics show rare automation and coordination for a heist of this magnitude.

“So far, we haven’t been able to confidently link this activity to any known hacker group, as the laundering methods used — while sophisticated — don’t clearly match the signature patterns of previously identified actors,” Unal noted.

He recommended using multisignature (multisig) wallets to eliminate single points of failure, minimizing exposure to hot wallets connected to the internet, regularly rotating private keys, and relying on hardware-based cold storage to safeguard large Bitcoin holdings.

In the first quarter of 2025, hackers stole more than $1.6 billion worth of crypto from exchanges and onchain smart contracts, blockchain security firm PeckShield said in an April report. 

More than 90% of those losses are attributable to a $1.5 billion attack on Bybit, a centralized cryptocurrency exchange, by North Korean hacking outfit Lazarus Group.
