An elderly US individual is reportedly the victim of a devastating $330 million Bitcoin heist, now ranked as the fifth-largest crypto hack in history.
The attacker used advanced social engineering tactics to gain access to the victimโs wallet, onchain investigator ZachXBT said in an April 30 update on X.
The hack took place on April 28, 2025, when ZachXBT flagged a suspicious transfer involving 3,520 Bitcoin (BTC), valued at $330.7 million.
Following the transfer, the stolen stash was quickly laundered through over six instant exchanges and swapped into privacy-focused cryptocurrency Monero (XMR).
Onchain data shows that the victim had held over 3,000 BTC since 2017, with no prior history of large-scale transactions.
Once stolen, the attacker wasted no time laundering the Bitcoin using a peel chain method โ a common obfuscation technique in which large sums are broken into smaller, harder-to-trace chunks.
โ$330M in BTC was received in two transactions, then immediately distributed via peel chains,โ Yehor Rudytsia, onchain researcher at Hacken, explained to Cointelegraph.
โFunds started to flow into multiple instant exchanges / mixers with small amounts, then mixers were distributing funds across multiple new wallets. The biggest funnelling chain is now consists of 40+ wallets.โ
Related: Loopscale recovers $2.8M after weekend DeFi hack and bounty talks
Over 300 wallets and 20 exchanges were involved
Hackenโs internal tool, Extractor, tracked $284 million worth of BTC funneled through these chains, which now amounts to around $60 million after repeated โpeelingโ and redistribution across low-credibility exchanges.
Rudytsia said over 300 hacker wallets and 20+ exchanges or payment services were involved, including Binance.
Cointelegraph has reached out to Binance for comment.
โMajor problem in cases like this (similar to Genesis creditorโs 4064 BTC theft back in Aug 2024) is that freezing centralized exchange accounts used in the laundering process is hardened due to particularly slow legal process of police reporting and investigations,โ Rudytsia added.
Adding to the complexity, the attacker rapidly converted a significant portion of the BTC into XMR. The move triggered a 50% surge in Moneroโs price, with the token briefly reaching $339.
โOnce funds are swapped into Monero, tracing becomes virtually impossible due to its privacy-preserving architecture. The chance of recovery drops significantly after this step,โ Cyvers Alerts senior security operations lead Hakan Unal said.
Unal said that the attacker likely had pre-established accounts across multiple exchanges and OTC desks, suggesting a high degree of premeditation.
A small portion of the stolen BTC was also bridged to Ethereum and deposited into various platforms, further complicating tracking efforts. Investigators have since alerted exchanges for potential freezing of funds.
Related: North Korean hackers set up 3 shell companies to scam crypto devs
No familiar laundering tactics
ZachXBT had previously dismissed the theory that North Koreaโs Lazarus Group could have been behind the attack, suggesting independent hackers were responsible.
While attribution remains uncertain, experts agree the laundering tactics show rare automation and coordination for a heist of this magnitude.
โSo far, we havenโt been able to confidently link this activity to any known hacker group, as the laundering methods used โ while sophisticated โ donโt clearly match the signature patterns of previously identified actors,โ Unal noted.
He recommended using multisignature (multisig) wallets to eliminate single points of failure, minimizing exposure to hot wallets connected to the internet, regularly rotating private keys, and relying on hardware-based cold storage to safeguard large Bitcoin holdings.
In the first quarter of 2025, hackersย stole more than $1.6 billion worth of cryptoย from exchanges and onchain smart contracts, blockchain security firm PeckShield said in an April report.ย
More than 90% of those losses are attributable to aย $1.5 billion attack on Bybit, a centralized cryptocurrency exchange, by North Korean hacking outfit Lazarus Group.
Magazine:ย TV hit Peaky Blinders to launch crypto game, FIFA Rivals on Polkadot: Web3 Gamer
