An elderly US citizen fell victim to a $330 million Bitcoin hack, now the fifth-largest in crypto history. Sophisticated social engineering allowed the thief to access the wallet and quickly launder the funds through exchanges into Monero. With over 300 wallets involved, tracking has become exceedingly complicated, further hampered by the speed of conversion and a slow legal process for investigations.
An elderly individual in the United States has been identified as the victim of a staggering $330 million Bitcoin theft, now ranking as the fifth-largest hack in cryptocurrency history. According to onchain investigator ZachXBT, the attacker employed sophisticated social engineering techniques to access the victim’s digital wallet. This alarming incident occurred on April 28, 2025, when ZachXBT noticed a suspicious transfer amounting to 3,520 Bitcoin (BTC), with a total value of approximately $330.7 million.
After the theft, the perpetrator was swift to launder the stolen cryptocurrency through a network of more than six instant exchanges, converting it into the privacy-focused Monero (XMR). Onchain data revealed that the victim had accumulated over 3,000 BTC since 2017, with no prior record of major transactions. The hacker promptly began employing a peeling method, breaking the stolen Bitcoin into smaller pieces to obscure its trail.
Hacken’s Yehor Rudytsia elaborated on the laundering process, stating that the funds were received in two transactions and then rapidly distributed through peel chains to hide their origins. “Funds proceeded to multiple exchanges and mixers with smaller amounts, leading to over 40 new wallets that are currently involved in the laundering scheme,” Rudytsia told Cointelegraph.
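The peel chains described above can be followed programmatically when tracing funds. The Python below is an added example, not code from Hacken, ZachXBT or anyone quoted in this article. The `Tx` record, the 80% remainder threshold, the addresses and the sample transactions are all constructed assumptions, and fees are ignored.

```python
from dataclasses import dataclass

@dataclass
class Tx:
    txid: str
    inputs: list    # addresses spent from
    outputs: list   # (address, amount_btc) pairs

def follow_peel_chain(txs, start_addr, min_keep=0.80, max_hops=100):
    """Follow a peel chain starting at start_addr.

    Heuristic (an assumption, not a standard): a peel hop spends the tracked
    address into exactly two outputs; the larger output (the remainder) keeps
    at least min_keep of the value and the smaller one is the "peel".
    Returns (peels, last_addr) where peels is a list of (txid, address, amount).
    """
    by_input = {}
    for tx in txs:
        for addr in tx.inputs:
            by_input.setdefault(addr, tx)   # first spend seen from each address

    peels, addr, seen = [], start_addr, set()
    for _ in range(max_hops):
        tx = by_input.get(addr)
        # Stop on unspent funds, a revisited transaction (address reuse loop),
        # or a shape that is not the two-output peel pattern.
        if tx is None or tx.txid in seen or len(tx.outputs) != 2:
            break
        seen.add(tx.txid)
        (big_addr, big), (small_addr, small) = sorted(
            tx.outputs, key=lambda o: o[1], reverse=True)
        if big / (big + small) < min_keep:
            break   # roughly even split: a fan-out, not a peel
        peels.append((tx.txid, small_addr, small))
        addr = big_addr   # keep following the remainder
    return peels, addr

# Constructed sample data: three peel hops followed by an even split.
SAMPLE = [
    Tx("t1", ["A0"], [("A1", 950.0), ("X1", 50.0)]),
    Tx("t2", ["A1"], [("X2", 40.0), ("A2", 910.0)]),
    Tx("t3", ["A2"], [("A3", 870.0), ("X3", 40.0)]),
    Tx("t4", ["A3"], [("B1", 435.0), ("B2", 435.0)]),
]

if __name__ == "__main__":
    peels, last = follow_peel_chain(SAMPLE, "A0")
    for txid, dest, amount in peels:
        print(f"{txid}: peeled {amount} BTC to {dest}")
    print("chain ends at", last)
```

The peeled destinations are the addresses an investigator would check against known exchange deposit addresses; the point where the chain stops marks where a different tracing heuristic is needed.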
An internal tool from Hacken tracked an astounding $284 million worth of Bitcoin that had been funneled through these routes, but the amount is now down to around $60 million due to ongoing peeling and reallocation across various low-credibility exchanges. Rudytsia indicated that over 300 hacker wallets and more than 20 exchanges and payment platforms were implicated, including the prominent exchange Binance, to which Cointelegraph has reached out for a statement.
A significant issue, according to Rudytsia, is the difficulty of freezing exchange accounts tied to money laundering. This challenge is exacerbated by the sluggish pace of police investigations and legal processes. Compounding the problem, the attacker rapidly converted a large portion of the stolen Bitcoin to XMR, causing Monero’s price to surge by 50%, briefly touching $339.
Experts warn that once funds are converted into Monero, tracking becomes nearly impossible due to its privacy-centric design, drastically reducing the chances of recovery. Hakan Unal, a senior security lead at Cyvers Alerts, suggested the thief had likely made arrangements with multiple exchanges and over-the-counter (OTC) desks, displaying a calculated approach to the heist.
Additionally, some of the stolen Bitcoin has been bridged to Ethereum and deposited on various platforms — further complicating tracking efforts. Investigators are now alerting exchanges to potentially freeze funds linked to the theft.
ZachXBT has dismissed early theories attributing the hack to North Korea’s Lazarus Group, suggesting it was likely carried out by independent hackers. While definitive attribution remains elusive, experts note that the laundering methods employed indicate a level of automation and coordination rarely seen in heists of this size.
Unal pointed out that existing laundering techniques did not match known patterns of recognised hacking groups. He strongly recommended using multisignature wallets to prevent single points of failure and reduce the risks associated with hot wallets. Regular key rotation and reliance on hardware-based cold storage are also advised for protecting significant Bitcoin holdings.
In the first quarter of 2025, hackers stole over $1.6 billion in cryptocurrency from exchanges and onchain contracts, according to a report by blockchain security firm PeckShield. Notably, 90% of these losses arose from a $1.5 billion attack on the centralised exchange Bybit, an attack attributed to the Lazarus Group.