Hackers exploited trust, not code, to steal and launder massive crypto funds. Monero surged following rapid Bitcoin and Litecoin swaps across chains. THORChain enabled silent laundering through permissionless cross-chain transactions.
A major crypto scam has shaken digital asset markets after stolen funds triggered sharp price movements across multiple networks, with blockchain investigator ZachXBT revealing the use of social engineering instead of technical exploits. The case has drawn attention due to the sheer scale of the theft and the sophisticated laundering methods involved.
The incident unfolded after the victim unknowingly approved fraudulent transactions, while psychological pressure undermined the protection offered by a hardware wallet. As a result, the approvals appeared valid on-chain and successfully bypassed common security warnings.
Soon after gaining control of the assets, the attackers moved quickly to obscure the transaction trail by converting large amounts of Bitcoin and Litecoin into Monero. These conversions took place on instant crypto exchange platforms that allowed fast swaps without identity verification.
Market impact followed almost immediately because Monero trades with relatively lower liquidity compared to Bitcoin. Consequently, the sudden surge in demand pushed XMR prices up by more than 60% within a short period, with traders across major platforms noticing unusual volatility.
Cross-Chain Swaps Deepen Market Disruption
Beyond Monero, the laundering strategy expanded across several blockchains, with Bitcoin moving into Ethereum, Ripple, and Litecoin networks through THORChain. The protocol enables direct cross-chain swaps without centralized intermediaries, which allowed the attackers to move funds quickly.
THORChain has increasingly attracted illicit activity because its permissionless design allows users to transfer assets freely. Additionally, the absence of KYC checks reduces friction for large transfers, which investigators say complicates tracking efforts.
Transaction data highlighted the scale of the swaps, with the attackers exchanging 818 BTC valued at about $78 million. They also converted funds into 19,631 ETH worth roughly $64.5 million, while 3.15 million XRP valued near $6.5 million changed hands, followed by 77,285 LTC worth about $5.8 million.
Wallet Activity Exposes the Scope of the Theft
On-chain analysis linked the stolen funds to three primary wallet addresses, which received a combined 1,459 BTC and 2.05 million LTC, as confirmed by ZachXBT. Two of the wallets tracked Bitcoin movements, while one handled Litecoin transfers, underscoring the exceptional scale of the operation.
Despite the extensive laundering, activity appears ongoing, with a significant amount of Bitcoin remaining idle in a wallet believed to belong to the attackers. This pause suggests a calculated effort to avoid immediate scrutiny while attention remains high.
ZachXBT noted that the theft exceeds the $243 million personal scams tracked during 2024, placing it among the largest of its kind. Unlike exchange breaches, this case targeted an individual directly and highlights the growing risk posed by social engineering in crypto.