$282 million through a hardware wallet: how social engineering is becoming the main threat to crypto

In early 2026, one of the largest private asset hacks occurred, demonstrating a new reality in cryptocurrency security. The hacker carried out a social engineering attack targeting the hardware wallet of one of the victims, resulting in the theft of $282 million in Bitcoin and Litecoin. The incident shows that physical storage devices are no longer an absolute safeguard against social engineering attacks.

How the hardware wallet was hacked: details of the attack

According to well-known blockchain researcher ZachXBT, the victim lost 2.05 million Litecoin (LTC) and 1,459 Bitcoin (BTC) as a result of a targeted social engineering attack. The breach happened in early January when the attacker, posing as a trusted source, gained the wallet owner’s trust.

In this case, social engineering involved convincing the victim to provide confidential information such as private keys or access data to the wallet. This is a classic attack vector that works regardless of the device’s technical protections. A hardware wallet itself cannot protect the user from human factors — the desire to help, fear of losing access, or trust in an allegedly authoritative source.

Rapid conversion to Monero and transfers via Thorchain

After successfully gaining control of the assets, the hacker immediately began converting them. Most of the stolen funds were exchanged for the privacy-focused cryptocurrency Monero (XMR), which contributed to a 70% surge in XMR’s price within four days of the theft.

This choice is not accidental — Monero is known for its privacy orientation and makes transaction tracking more difficult compared to Bitcoin. Some of the Bitcoin was transferred through the Thorchain protocol to other blockchains, including Ethereum, Ripple, and Litecoin itself, creating a tangled chain of transfers. Researcher ZachXBT noted that there are no signs indicating North Korean hackers were involved in this incident, which is common in major hacks.

2025-2026: the year of social engineering as the main threat

This hack is not an isolated case. It is part of a growing trend where social engineering becomes the dominant method of attacking cryptocurrency assets. A few days before this incident, hardware wallet provider Ledger faced a serious data leak caused by unauthorized access to users’ personal information, including names and contact details.

The combination of a hardware wallet breach via social engineering and the data leak from Ledger creates a perfect storm for criminals. They obtain victims’ personal information through the leak and then use this data to craft convincing fake social engineering scenarios. Hackers’ adaptation to modern realities means that even the most secure hardware wallets can be compromised through user manipulation.

What this means for crypto asset owners

The incident underscores the critical importance of protecting not only technical but also human aspects of security. Hardware wallet owners must understand that their device is only the first layer of protection. True security requires:

• Avoiding disclosure of cryptocurrency ownership information even to close contacts
• Verifying the authenticity of any requests for wallet access, including those supposedly from the manufacturer
• Using independent communication channels to confirm the identity of the contacting party
• Understanding that social engineering is often far more effective than technical hacks

The growing trend of social engineering attacks in 2025-2026 shows that malicious actors are focusing on the most vulnerable part of the security system — the human factor. A hardware wallet remains an important tool, but its mere presence does not guarantee security if the owner becomes a manipulation victim.