An elderly US citizen fell victim to a $330 million Bitcoin heist, now regarded as the fifth-largest in cryptocurrency history. The attacker employed advanced social engineering techniques to access the victim’s wallet. Following the theft on April 28, the stolen Bitcoin was quickly laundered through multiple exchanges and into Monero. The laundering involved over 300 wallets across 20 exchanges, complicating recovery efforts and raising significant security concerns.
An elderly resident of the United States has become the target of an astonishing $330 million Bitcoin heist, now dubbed the fifth-largest cryptocurrency breach to date. According to onchain investigator ZachXBT, some clever social engineering tactics were employed by the attackers to access the victim’s Bitcoin wallet. The event was flagged on April 30 for a transfer that happened on April 28, 2025, involving a staggering 3,520 Bitcoin (BTC), valued at approximately $330.7 million.
After the theft, the criminals wasted no time in laundering their gains through a series of swift exchanges, converting the Bitcoin into Monero (XMR), a privacy-focused cryptocurrency. One notable aspect of this case is that the victim had stored over 3,000 BTC since 2017 without any major transactions prior to this incident. This suggests that the funds were relatively untouched until the heist occurred.
According to Yehor Rudytsia, an onchain researcher from Hacken, the funds were received in two transactions and then convoluted into smaller amounts via a method known as the peel chain. This technique effectively breaks larger sums into less conspicuous amounts, making them more difficult to trace. “$330M in BTC was received and then immediately distributed, with funds now spread across over 40 wallets,” Rudytsia explained.
Hacken’s internal tool, Extractor, has tracked about $284 million of the stolen Bitcoin as it circulated through numerous wallets and exchanges. It’s estimated that, after several rounds of redistribution, roughly $60 million remains in play. Notably, more than 300 hacker wallets and over 20 exchanges were identified as part of this laundering operation, including major platforms like Binance, which has been approached for comment.
The situation raises serious concerns, especially considering the slow legal processes involved in freezing account activity at centralized exchanges. This parallels a previous incident from August 2024, which saw 4064 BTC stolen from a Genesis creditor, underscoring the challenges experts face in these investigations.
Rudytsia also pointed out that the rapid transformation of a large portion of the BTC into XMR complicated recovery efforts even further. This action triggered a considerable price hike for Monero, which surged by 50% to around $339. “Once the funds are in Monero, tracing them becomes nearly impossible due to its privacy features,” noted Hakan Unal from Cyvers Alerts, highlighting the difficulty of future recoveries post-swap.
The analysis suggests that the attacker had very likely established accounts across numerous exchanges ahead of the heist, hinting at a meticulously planned operation, rather than a spur-of-the-moment act. Some stolen funds were additionally bridged to Ethereum and placed on various platforms, further muddying the water for investigators. Notifications have been sent out to exchanges to potentially freeze any linked funds.
Interestingly, ZachXBT speculated that this hacking effort wasn’t associated with infamous groups like North Korea’s Lazarus Group, advocating that it might be the work of independent hackers instead. Despite fierce uncertainties over attribution, the intricate laundering tactics used indicate a level of sophistication not typically seen in previous attacks of this size.
Unal suggests techniques to bolster security for crypto assets such as multisignature wallets, reducing reliance on online hot wallets, frequently changing private keys, and leveraging hardware wallets for keeping significant amounts of Bitcoin safer. A report from PeckShield indicated that hackers stole over $1.6 billion in cryptocurrency in just the first quarter of 2025, with a staggering $1.5 billion attributed to Lazarus Group’s assault on Bybit, a well-known exchange.
