2026 got off to a disastrous start for one crypto user, who fell victim to one of the largest social engineering attacks in digital asset history, losing over $282 million in Bitcoin and Litecoin.
How Crypto User Fell Victim To $282M Theft
According to prominent blockchain sleuth ZachXBT, the crypto theft occurred on January 10, 2026 at around 11:00 pm UTC. Around 2.05 million Litecoin (worth roughly $153 million) and 1,459 Bitcoin (equivalent to around $139 million) was drained from the victim’s hardware wallet after they were tricked into sharing their seed phrase.
The exploiter swiftly transferred the funds across multiple networks to obscure the trail after gaining full control of the crypto wallet. As revealed by ZachXBT, the attacker first began converting the stolen crypto assets into Monero’s native token, XMR, through multiple instant exchanges, leading to a surge in the price of XMR.
Furthermore, the exploiter bridged significant amounts of the stolen Bitcoin across Ethereum, Ripple, and Litecoin through THORChain, a decentralized cross-chain platform that enables users to swap crypto assets between different blockchain networks. Unsurprisingly, this move reignited the debate around the use — or abuse — of censorship-resistant cross-chain protocols, especially during security breaches.
After the news of the attack made it to social media, conversations around the entity or persons behind $282 million theft started, with many linking it to a state-sponsored hacking group. However, ZachXBT categorically stated that “it’s not North Korea,” potentially exonerating the infamous state-backed Lazarus Group.
Source: @zachxbt on X
In a post on LinkedIn, security firm ZeroShadow described the victim as a Bitcoin wallet “belonging to an individual who had been tricked into sharing their seed phrase by an actor impersonating Trezor ‘Value Wallet’ support.” The firm claimed that it was able to track and flag parts of the stolen funds in real time after being alerted by blockchain monitoring teams.
According to ZeroShadow, roughly $700,000 worth of crypto assets were reportedly frozen before they could be fully swapped into privacy-focused assets. This latest incident sheds light on how the digital asset industry is still being targeted by malicious actors.
XMR Price Rallies To New High Following Security Incident
As described by ZachXBT, the attacker, after gaining control of the victim’s wallet, began converting the stolen crypto assets into Monero’s native token, XMR, through several exchanges. In the background, this activity pushed the price of the privacy-focused XMR to a new all-time high around $800 over the past week.
According to data from CoinGecko, the XMR token rallied almost 80% to $797.73 from a weekly low around $450 following the crypto theft. As of this writing, XMR is valued at around $588, reflecting a nearly 25% drop in the past few days.
The price of XMR on the daily timeframe | Source: XMRUSDT chart on TradingView
