{"id":1106,"date":"2025-04-30T13:18:54","date_gmt":"2025-04-30T13:18:54","guid":{"rendered":"http:\/\/www.almatalent.net\/?p=1106"},"modified":"2025-04-30T15:13:21","modified_gmt":"2025-04-30T15:13:21","slug":"330m-bitcoin-social-engineering-theft-victim-is-elderly-us-citizen","status":"publish","type":"post","link":"http:\/\/www.almatalent.net\/index.php\/2025\/04\/30\/330m-bitcoin-social-engineering-theft-victim-is-elderly-us-citizen\/","title":{"rendered":"$330M Bitcoin social engineering theft victim is elderly US citizen"},"content":{"rendered":"


An elderly US individual is reportedly the victim of a devastating $330 million Bitcoin heist, now ranked as the fifth-largest crypto hack in history.<\/p>\n

The attacker used advanced social engineering tactics to gain access to the victim\u2019s wallet, onchain investigator ZachXBT said in an April 30 update on X.<\/p>\n

The hack took place on April 28, 2025, when ZachXBT flagged a suspicious transfer involving 3,520 Bitcoin (BTC), valued at $330.7 million.<\/p>\n

Following the transfer, the stolen stash was quickly laundered through over six instant exchanges and swapped into privacy-focused cryptocurrency Monero (XMR).<\/p>\n

Onchain data shows that the victim had held over 3,000 BTC since 2017, with no prior history of large-scale transactions.<\/p>\n

ZachXBT confirming the victim of the hack. Source: ZachXBT<\/em><\/figcaption><\/figure>\n

Once stolen, the attacker wasted no time laundering the Bitcoin using a peel chain method \u2014 a common obfuscation technique in which large sums are broken into smaller, harder-to-trace chunks.<\/p>\n

\u201c$330M in BTC was received in two transactions, then immediately distributed via peel chains,\u201d Yehor Rudytsia, onchain researcher at Hacken, explained to Cointelegraph.<\/p>\n

\u201cFunds started to flow into multiple instant exchanges \/ mixers with small amounts, then mixers were distributing funds across multiple new wallets. The biggest funnelling chain now consists of 40+ wallets.\u201d<\/p><\/blockquote>\n


Over 300 wallets and 20 exchanges were involved<\/h2>\n

Hacken\u2019s internal tool, Extractor, tracked $284 million worth of BTC funneled through these chains, which now amounts to around $60 million after repeated \u201cpeeling\u201d and redistribution across low-credibility exchanges.<\/p>\n

Rudytsia said over 300 hacker wallets and 20+ exchanges or payment services were involved, including Binance.<\/p>\n

Cointelegraph has reached out to Binance for comment.<\/p>\n

\u201cMajor problem in cases like this (similar to Genesis creditor\u2019s 4064 BTC theft back in Aug 2024) is that freezing centralized exchange accounts used in the laundering process is hardened due to particularly slow legal process of police reporting and investigations,\u201d Rudytsia added.<\/p>\n

Adding to the complexity, the attacker rapidly converted a significant portion of the BTC into XMR. The move triggered a 50% surge in Monero\u2019s price, with the token briefly reaching $339.<\/p>\n

\u201cOnce funds are swapped into Monero, tracing becomes virtually impossible due to its privacy-preserving architecture. The chance of recovery drops significantly after this step,\u201d Cyvers Alerts senior security operations lead Hakan Unal said.<\/p>\n

Unal said that the attacker likely had pre-established accounts across multiple exchanges and OTC desks, suggesting a high degree of premeditation.<\/p>\n

A small portion of the stolen BTC was also bridged to Ethereum and deposited into various platforms, further complicating tracking efforts. Investigators have since alerted exchanges for potential freezing of funds.<\/p>\n


No familiar laundering tactics<\/h2>\n

ZachXBT had previously dismissed the theory that North Korea\u2019s Lazarus Group could have been behind the attack, suggesting independent hackers were responsible.<\/p>\n

ZachXBT dismissing North Korea theory. Source: ZachXBT<\/em><\/figcaption><\/figure>\n

While attribution remains uncertain, experts agree the laundering tactics show rare automation and coordination for a heist of this magnitude.<\/p>\n

\u201cSo far, we haven\u2019t been able to confidently link this activity to any known hacker group, as the laundering methods used \u2014 while sophisticated \u2014 don\u2019t clearly match the signature patterns of previously identified actors,\u201d Unal noted.<\/p>\n

He recommended using multisignature (multisig) wallets to eliminate single points of failure, minimizing exposure to hot wallets connected to the internet, regularly rotating private keys, and relying on hardware-based cold storage to safeguard large Bitcoin holdings.<\/p>\n

In the first quarter of 2025, hackers stole more than $1.6 billion worth of crypto from exchanges and onchain smart contracts, blockchain security firm PeckShield said in an April report.<\/p>\n

More than 90% of those losses are attributable to a $1.5 billion attack on Bybit, a centralized cryptocurrency exchange, by North Korean hacking outfit Lazarus Group.<\/p>\n

","protected":false},"excerpt":{"rendered":"

An elderly US individual is reportedly the victim of a devastating $330 million Bitcoin heist, now ranked as the fifth-largest crypto hack in history. The attacker used advanced social engineering tactics to gain access to the victim\u2019s wallet, onchain investigator ZachXBT said in an April 30 update on X. The hack took place on April 28, 2025, when ZachXBT flagged a suspicious transfer involving 3,520 Bitcoin (BTC), valued at $330.7…<\/p>\n","protected":false},"author":1,"featured_media":1108,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-1106","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bitcoin"],"_links":{"self":[{"href":"http:\/\/www.almatalent.net\/index.php\/wp-json\/wp\/v2\/posts\/1106","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.almatalent.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.almatalent.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.almatalent.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.almatalent.net\/index.php\/wp-json\/wp\/v2\/comments?post=1106"}],"version-history":[{"count":3,"href":"http:\/\/www.almatalent.net\/index.php\/wp-json\/wp\/v2\/posts\/1106\/revisions"}],"predecessor-version":[{"id":1112,"href":"http:\/\/www.almatalent.net\/index.php\/wp-json\/wp\/v2\/posts\/1106\/revisions\/1112"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.almatalent.net\/index.php\/wp-json\/wp\/v2\/media\/1108"}],"wp:attachment":[{"href":"http:\/\/www.almatalent.net\/index.php\/wp-json\/wp\/v2\/media?parent=1106"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.almatalent.net\/index.php\/wp-json\/wp\/v2\/categories?post=1106"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.almatalent.n
et\/index.php\/wp-json\/wp\/v2\/tags?post=1106"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}