The $330 million attack: A stark reminder of social engineering’s power
A major crypto theft has sent shockwaves through the industry, with $330 million worth of Bitcoin (BTC) stolen. Experts say this was a social engineering attack and not a technical hack.
Investigations led by blockchain analyst ZachXBT suggest the victim was an elderly US citizen who was manipulated into granting access to their crypto wallet. On April 28, 2025, ZachXBT detected a suspicious transfer of 3,520 BTC, worth $330.7 million.
The stolen BTC was quickly laundered through more than six instant exchanges and converted into the privacy-oriented cryptocurrency Monero (XMR). Onchain analysis shows the victim had held over 3,000 BTC since 2017, with no previous record of substantial transactions.
Unlike typical cyberattacks that exploit software vulnerabilities, this incident relied on psychological manipulation. Scammers posed as trusted entities, slowly building credibility before persuading the victim over the phone to share sensitive credentials. This is the hallmark of social engineering — exploiting human trust rather than system weaknesses.
Decoding the laundering tactics after the attack
After the Bitcoin theft, the attacker swiftly began laundering the funds using a peel chain method, splitting the stolen amount into smaller, harder-to-trace portions. The funds were routed through hundreds of wallets and scores of exchanges or payment services, including Binance.
A significant amount was laundered via instant exchanges and mixers, further obscuring its trail. A large portion of BTC was quickly converted into XMR, a privacy coin with untraceable architecture, causing its price to briefly surge 50% to $339.
The attackers used pre-registered accounts across exchanges and OTC desks, which suggests careful planning. Some BTC was even bridged to Ethereum and deposited into various DeFi platforms, making forensic tracing more difficult. Investigators have since notified exchanges in hopes of freezing any accessible funds.
While attribution remains unclear, analysts like ZachXBT ruled out North Korean Lazarus Group involvement, pointing instead to skilled independent hackers. Hacken traced $284 million of BTC, now diluted to $60 million after extensive peeling and redistribution through obscure platforms.
Binance and ZachXBT were able to freeze about $7 million of the stolen funds. However, the bulk of the stolen Bitcoin remains missing. The suspects include an individual using the alias “X,” allegedly operating from the UK and believed to be of Somali origin, and another accomplice known as “W0rk.” Both have reportedly scrubbed their digital footprints since the theft.
This case underscores that crypto security isn’t just about strong passwords and hardware wallets but also about recognizing psychological threats. As the investigation continues, the community is reminded that even the most secure technologies are vulnerable to human fallibility.
What is social engineering in crypto crimes, and what psychological tactics are involved?
Social engineering is a manipulative technique used by cybercriminals to exploit human psychology. They trick you into revealing confidential information to access your wallets and perform actions that compromise security.
Unlike traditional hacking, which targets system vulnerabilities, social engineering thrives on human weaknesses such as trust, fear, urgency and curiosity. It leverages psychological tactics to manipulate victims.
Here are common tactics used by criminals to convince their victims and execute their plans:
- Using fake authority: A common tactic criminals use is authority, where attackers impersonate figures of trust, such as law enforcement or tech support, to pressure victims into revealing the information they want.
- Create urgency: Urgency is another tactic, often used in phishing emails or scam calls that demand immediate action to prevent “loss” or claim a reward.
- Preying on the instinct of reciprocity: Reciprocity involves playing on the instinct to return favors, luring victims with gifts like fake airdrops or rewards.
- Triggering impulsive actions: Scarcity drives decisions by presenting fake limited-time offers, prompting impulsive behavior.
- Riding herd mentality: Social proof, or the herd mentality, is also common with fraudsters often claiming others have already benefited, encouraging the victim to follow suit.
These psychological strategies are a major threat to users in the crypto space, where irreversible transactions and often decentralized platforms make it very difficult for the victims to regain the lost funds.
Did you know? Crypto drainers-as-a-service (DaaS) offers complete social engineering toolkits, including…
cointelegraph.com