Elderly US individual loses $330 million in Bitcoin to social engineering hack, now the fifth-largest crypto heist

The attacker used advanced social engineering tactics to gain access to the victim's wallet, onchain investigator ZachXBT said.

An elderly US individual has reportedly become the victim of a devastating $330 million Bitcoin heist, ranking as the fifth-largest crypto hack in history.

The attacker, who used advanced social engineering tactics to gain access to the victim’s wallet, has been identified by onchain investigator ZachXBT.

The hack, which occurred on April 28, saw the attacker steal 3,520 Bitcoin (BTC), valued at $330.7 million at the time of the theft, and quickly launder the stolen stash using over six instant exchanges to swap it into privacy-focused cryptocurrency Monero (XMR).

Onchain data reveals that the victim, an elderly individual based in the US, had been holding the Bitcoin in a single wallet since 2017.

After the theft, the attacker swiftly laundered the Bitcoin using a peel chain method — a common obfuscation technique where large sums are broken into smaller, harder-to-trace chunks.

“$330M in BTC was received in two transactions, then immediately distributed via peel chains,” onchain researcher at Hacken Yehor Rudytsia said.

Over 300 wallets and 20 exchanges involved

According to internal analysis by Hacken’s Extractor tool, BTC to the value of $284 million was channeled through these chains, which were covered by several layers of peeling and redistribution across low-credibility exchanges.

The analysis indicates that more than 300 hacker wallets and 20+ exchanges or payment services, including Binance, were involved in the laundering operation.

Cointelegraph has reached out to Binance for comment.

“Major problem in cases like this (similar to Genesis creditor’s 4064 BTC theft back in August 2024) is that freezing centralized exchange accounts used in the laundering process is hardened due to particularly slow legal process of police reporting and investigations,” Rudytsia added.

Further complicating matters, the attacker converted a significant portion of the BTC into XMR, triggering a 50% surge in Monero’s price, which briefly peaked at $339.

“Once funds are swapped into Monero, tracing becomes virtually impossible due to its privacy-preserving architecture. The chance of recovery drops significantly after this step,” said Cyvers Alerts senior security operations lead Hakan Unal.

Unal added that the attacker, who had pre-established accounts across multiple exchanges and OTC desks, likely planned the attack meticulously.

A small portion of the stolen BTC was also bridged to Ethereum and deposited into various platforms, further complicating tracking efforts. Investigators have since alerted exchanges for potential freezing of funds.

No familiar laundering tactics

Previously, ZachXBT had dismissed the theory that North Korea’s Lazarus Group could have been behind the attack, suggesting that independent hackers were responsible.

While attribution remains uncertain, experts agree that the laundering tactics show rare automation and coordination for a heist of this magnitude.

“So far, we haven’t been able to confidently link this activity to any known hacker group, as the laundering methods used — while sophisticated — don’t clearly match the signature patterns of previously identified actors,” Unal noted.

He recommended using multisignature (multisig) wallets to eliminate single points of failure, minimizing exposure to hot wallets connected to the internet, regularly rotating private keys, and relying on hardware-based cold storage to safeguard large Bitcoin holdings.

In the first quarter of 2025, hackers stole more than $1.6 billion worth of crypto from exchanges and onchain smart contracts, blockchain security firm PeckShield said in an April report.

More than 90% of those losses are attributable to a $1.5 billion attack on Bybit, a centralized cryptocurrency exchange, by North Korean hacking outfit Lazarus Group.