The funds were quickly converted to Monero, boosting its price by up to 36%. The attackers used Thorchain to bridge BTC to other networks and try to escape with the loot. In the fast-paced world of cryptocurrencies, risks come not only from market volatility but also from sophisticated digital scams. On January 10, 2026, around 11:00 pm UTC, an anonymous user suffered one of the largest thefts in recent history: the loss of more than $282 million in Bitcoin (BTC) and Litecoin (LTC).
As revealed by on-chain researcher ZachXBT in a post on
On January 10, 2026 at around 11 pm UTC a victim lost $282M+ worth of LTC & BTC due to a hardware wallet social engineering scam.The attacker began converting the stolen LTC & BTC to Monero via multiple instant exchanges causing the XMR price to sharply increase.BTC was also…— ZachXBT (@zachxbt) January 16, 2026
The method used by the hackers was a social engineering attack. The scammers posed as employees of Trezor, the popular hardware wallet manufacturer with more than 2 million users. Those involved victim was tricked into revealing his recovery seed phrasewhich gave them full access to the funds. Once in control, the hackers acted quickly to obfuscate the trail. They converted much of the stolen assets into Monero (XMR), through instant exchanges. This massive conversion sparked a rally in the price of XMR, which rose over 36% in seven days, reaching peaks near $800 before correcting to around $621. Additionally, they used Thorchain, a decentralized cross-chain bridging protocol, to transfer BTC to networks such as Ethereum, Ripple, and Litecoin. Cybersecurity firm ZeroShadow intervened by tracking and freezing more than $700,000 in funds before they completed the conversion to Monero. This case is not isolated; highlights a trend where technical attacks give way to psychological manipulations. ZachXBT clarified that this is not a state-sponsored group, but probably independent cybercriminals. The identified theft addresses include bc1qluxw46r55wf3dnk9c652vrt4duadm3hpuktf86 for BTC and ltc1qly43c2prj4c2e85dcspzpjd36jnapnenldnr70 for LTC. The implications are profound for the community. You must always remember that you must use multiple layers of security like two-factor authenticationmulti-signatures and know that a company like Trezor, or another recognized manufacturer, will not request seed words from any of its users.