Blockchain investigator ZachXBT reported that a single crypto user was socially engineered into revealing a hardware‑wallet seed and approvals, resulting in roughly 1,459 BTC and 2.05 million LTC (about $282 million) being stolen. The attacker rapidly laundered funds through THORChain, instant exchanges and began converting large amounts into Monero, complicating traceability.

On Jan. 10, blockchain sleuth ZachXBT published on‑chain analysis showing that a single user lost approximately 1,459 BTC and 2.05 million LTC after falling victim to a social‑engineering attack that extracted hardware‑wallet seed material and transaction approvals. The attacker executed swift hops, routing value through THORChain and several instant exchange services to fragment and obfuscate the flow. Large, coordinated conversions into Monero (XMR) followed, a move that both supported a sharp XMR price uptick and materially increased the difficulty of tracing final beneficiaries. Investigators noted the attacker used staged transfers and intermediary services to minimize on‑chain patterns that normally enable clustering; time‑sensitive swaps and use of privacy coin rails reduced conventional forensic signal. The incident underscores persistent operator risk around hardware‑wallet social attacks—where attackers combine remote persuasion, staged approvals, and claims of support or authority to coax victims into signing transactions—and illustrates how hybrid on‑chain/off‑chain laundering chains rapidly convert high‑value crypto into privacy assets, complicating law enforcement recovery efforts.