- More than $90 million worth of Bitcoin was stolen after a victim was tricked by attackers posing as support staff from a crypto exchange and a hardware wallet provider.
- On-chain investigator ZachXBT confirmed the theft of 783 BTC on August 19, exactly one year after the Genesis creditor hack, though no connection between the incidents has been found.
- The stolen funds were partially routed through Wasabi Wallet, a privacy tool that mixes transactions to obscure their origin.
- ZachXBT warned that with so much personal data already leaked online, scams increasingly target individuals directly, urging users to assume every unsolicited call or email is a potential scam.
More than $90 million in Bitcoin was stolen this week in what investigators are calling a sophisticated social engineering scheme, according to blockchain analyst ZachXBT.
The theft, involving 783 BTC, occurred on August 19, the one-year anniversary of the Genesis creditor exploit, though no link between the two events has been established.
The attacker reportedly gained access by impersonating customer support agents from both a cryptocurrency exchange and a hardware wallet provider. Tactics like these, widely known as social-engineering, can be used to convincingly manipulate victims into bypassing their own security measures.
Once the victim was compromised, the stolen BTC was split and partially funneled through Wasabi Wallet, a coin-mixing protocol often used to hide transaction trails.
While blockchain data offers some visibility into the movement of funds, Wasabi’s privacy-focused design limits full traceability.
A Data Breach Problem, Not Just a Wallet Problem
When asked how an attacker could pull off such a breach, ZachXBT pointed to a growing problem in the digital world: the huge amount of personal information already circulating online. “There’s so many breaches that make your personal information widely available,” he said. “So threat actors can exploit it.”
As for how to stay safe, Zach’s advice was blunt, “Assume every call or email you receive is a scam by default,” he said.
Not North Korea This Time
Speculation spread quickly online, with some users suggesting the breach might have been the work of North Korea’s Lazarus Group. However, ZachXBT shut that down in just a few words. “It’s not DPRK,” he said, without offering further detail.
Fighting Back: Awareness Over Hardware
While no system is completely safe, security analysts advocate a layered defense that prioritizes user behavior over hardware alone.
Basic safeguards, such as strong passwords and multi-factor authentication remain essential, but experts increasingly stress the importance of adopting a “default-deny” posture, by treating all unsolicited messages or requests with suspicion.
Additional precautions, including offline backups and passphrase-protected wallets with physical confirmation, can also help limit exposure. Still, as ZachXBT noted, the most effective defense is to stay alert and treat every interaction with caution.
Read More: Crypto Exchange Gemini Moves Towards IPO as Financial Filings Reveal Losses, Ripple Credit Deal
