Key Takeaways
- Social engineering scam: A single victim lost 783 Bitcoin (BTC), around $91 million, to attackers impersonating exchange and hardware wallet support.
- Funds were laundered through Wasabi Wallet, a Bitcoin privacy tool often used to hide transaction trails.
- The first half of 2025 alone has seen $3.1 billion in crypto losses, with social engineering scams rising sharply.
The $91M Heist: How Trust Was Weaponized
This week, an investor lost $91 million worth of Bitcoin (BTC) to a sophisticated social engineering scam. The attack is a devastating reminder that crypto's greatest vulnerabilities often sit between the keyboard and the chair.
According to blockchain sleuth ZachXBT, the attack was perpetrated by impostors posing as hardware wallet and exchange customer support, a deceptively simple and effective tactic that used conventional attack vectors to get around technical safeguards entirely.
On August 19, in an ironic twist the first anniversary of the $243 million theft of customer assets during the collapse of Genesis, the victim transferred 783 BTC, worth around $91 million, after being convinced to share credentials by actors impersonating legitimate support teams. Within hours, the coins were sent to Wasabi Wallet, a privacy mixing tool used to hide transaction trails.
Social Engineering Scam: Crypto’s Silent Killer
This is not a one-off. Earlier this year, an elderly American lost $330 million to a similar scheme, while the first half of 2025 alone has already seen an astonishing $3.1B in crypto losses.
Alarmingly, just a couple of days ago, a North Wales crypto hodler fell victim to a sophisticated social engineering scam targeting a cold wallet, losing $2.8 million worth of crypto. This time, the scammers impersonated UK police officers.
In contrast to exchange hacks or smart contract exploits, a social engineering scam exploits the human psyche rather than code. Scammers impersonate trusted entities (e.g., Ledger, Trezor, exchanges) to steal seeds or passwords, which are the keys to the castle.
ZachXBT suggested this was not the work of North Korea's Lazarus Group, but likely just opportunistic criminals taking advantage of support infrastructure gaps. As crypto adoption grows, so too does the attack surface for these low-tech, high-reward attack methods.
Protecting Yourself: Lessons From a $91M Mistake
- Never share seeds or passwords: Legitimate support will never ask for these.
- Verify contacts independently: If you receive an unsolicited message or call, contact the company yourself through its official website or channels.
- Use multisig wallets: Require more than one approved signature on large transfers.
This tragedy highlights a painful lesson: in crypto, you're your own bank and, therefore, your own security guard.
Final Thought: While headlines focus on ETFs and institutional adoption, this heist reminds us that individual security is crypto's weakest link. The human layer is the hardest to patch.
FAQs
How was this social engineering scam discovered?
Blockchain sleuth ZachXBT tracked the suspicious transaction to a clean address, followed by Wasabi Wallet deposits.
Can the funds be recovered?
Unlikely, because privacy tools like Wasabi hide trails, though exchanges may freeze off-ramped amounts.
What makes social engineering effective?
It exploits trust in reputable brands and urgency (“critical update required”).