
A Shocking $330 Million Bitcoin Heist: The Elderly Victim
In a shocking turn of events, an elderly US citizen has fallen victim to a devastating $330 million Bitcoin heist, ranking as the fifth-largest cryptocurrency hack in history. Onchain investigator ZachXBT revealed the details on April 30, stating that advanced social engineering tactics were employed by the attacker to gain control of the victim’s wallet.
The hack transpired on April 28, 2025, when ZachXBT noticed a suspicious transfer involving 3,520 Bitcoin (BTC), worth $330.7 million at the time. Following the transfer, the stolen funds were rapidly laundered through over six instant exchanges and converted into the privacy-focused cryptocurrency Monero (XMR). Onchain data indicates that the victim had held over 3,000 BTC since 2017, with no history of prior large-scale transactions.

Sophisticated Laundering Techniques
The attacker wasted no time in laundering the stolen Bitcoin using a “peel chain” method, a commonly used technique to obscure large sums by breaking them down into smaller, less traceable chunks. Yehor Rudytsia, an onchain researcher at Hacken, described the process: “$330M in BTC was received in two transactions, then immediately distributed via peel chains. Funds started to flow into multiple instant exchanges / mixers with small amounts, then mixers were distributing funds across multiple new wallets. The biggest funnelling chain now consists of 40+ wallets.”
Hacken’s internal tool, Extractor, tracked $284 million worth of BTC channeled through these chains, which now amounts to roughly $60 million after multiple “peeling” and redistributions across low-reliability exchanges. Rudytsia noted that over 300 hacker wallets and 20+ exchanges or payment services were involved, including Binance.
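To make the peel-chain pattern concrete from a tracing perspective, the following added example (not from the article, and not Hacken's Extractor) follows a chain hop by hop over constructed data and totals what was peeled off to each destination. The `Tx` model, the one-sender simplification, the 20% peel threshold and all addresses and amounts are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    sender: str      # assumption: one spending address per tx, fees ignored
    outputs: tuple   # ((address, amount_btc), ...)

# Constructed sample data: addresses and amounts are made up, not from the incident.
SAMPLE_TXS = [
    Tx("t1", "A0", (("EX1", 5.0), ("A1", 95.0))),
    Tx("t2", "A1", (("EX2", 4.0), ("A2", 91.0))),
    Tx("t3", "A2", (("EX1", 6.0), ("A3", 85.0))),
    Tx("t4", "A3", (("B1", 40.0), ("B2", 45.0))),  # near-even split: not a peel
    Tx("t5", "Z9", (("EX3", 1.0), ("Z8", 2.0))),   # unrelated activity
]

def trace_peel_chain(txs, start, max_peel_ratio=0.2, max_hops=1000):
    """Follow the large 'remainder' output from start while each hop looks like a peel."""
    spends = {}
    for tx in txs:
        spends.setdefault(tx.sender, tx)  # first spend seen for each address
    hops, seen, addr = [], set(), start
    while addr in spends and addr not in seen and len(hops) < max_hops:
        seen.add(addr)  # guards against loops in the graph
        tx = spends[addr]
        if len(tx.outputs) != 2:
            break
        (peel_addr, peel_amt), (rest_addr, rest_amt) = sorted(tx.outputs, key=lambda o: o[1])
        total = peel_amt + rest_amt
        # Heuristic: a peel is a small slice; the bulk moves on to a fresh address.
        if total <= 0 or peel_amt / total > max_peel_ratio:
            break
        hops.append({"txid": tx.txid, "peel_to": peel_addr,
                     "peeled": peel_amt, "remainder_to": rest_addr})
        addr = rest_addr
    return hops

def summarize(hops):
    """Aggregate peeled value per destination (e.g. an exchange deposit address)."""
    by_dest = {}
    for h in hops:
        by_dest[h["peel_to"]] = by_dest.get(h["peel_to"], 0.0) + h["peeled"]
    return {
        "hops": len(hops),
        "total_peeled": sum(h["peeled"] for h in hops),
        "by_destination": by_dest,
        "chain_end": hops[-1]["remainder_to"] if hops else None,
    }
```

Grouping peeled amounts by destination shows which services received deposits from the chain, and the address where the pattern breaks is where the trace has to branch.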

Challenges in Recovery
The rapid conversion of a significant portion of the stolen BTC into XMR added another layer of complexity to recovery efforts. The move triggered a 50% surge in Monero’s price, briefly pushing the token to $339. Hakan Unal, senior security operations lead at Cyvers Alerts, explained: “Once funds are swapped into Monero, tracing becomes virtually impossible due to its privacy-preserving architecture. The chance of recovery drops significantly after this step.”
Unal believes that the attacker likely had pre-established accounts on multiple exchanges and over-the-counter (OTC) desks, suggesting a high level of premeditation. A small portion of the stolen BTC was also bridged to Ethereum and deposited into various platforms, further complicating tracking efforts.

Uncertainty Surrounding the Attacker
While the attacker’s identity remains unclear, ZachXBT initially ruled out North Korea’s Lazarus Group as being responsible, suggesting independent hackers were behind the attack. However, experts agree that the laundering techniques employed in this heist demonstrate rare automation and coordination, making attribution challenging.

“So far, we haven’t been able to confidently link this activity to any known hacker group, as the laundering methods used — while sophisticated — don’t clearly match the signature patterns of previously identified actors,” said Unal.

Lessons Learned
This incident serves as a stark reminder of the vulnerabilities within the cryptocurrency ecosystem. Experts emphasize the importance of adopting best security practices, including:
- Using multisignature (multisig) wallets to eliminate single points of failure
- Minimizing exposure of hot wallets connected to the internet
- Regularly rotating private keys
- Utilizing hardware-based cold storage for safeguarding large Bitcoin holdings
The sheer scale of this hack underscores the critical need for enhanced security measures to protect individuals and institutions from increasingly sophisticated cyber threats. As the cryptocurrency space continues to evolve, it is crucial to remain vigilant and prioritize robust security protocols.