Blockchain security experts are tracking the aftermath of a massive theft totaling at least $282 million in digital assets that took place on January 10th, stemming from a sophisticated social engineering operation.
For instance, cryptocurrency protection specialist CertiK’s team said today that they identified deposits into the cryptocurrency mixing service Tornado Cash connected to the theft earlier this month. According to their findings, $63 million in compromised assets were transferred to ThorSwap, a decentralized trading platform, where the stolen bitcoin (BTC) and litecoin (LTC) were exchanged for ethereum (ETH) before proceeding through the laundering operation and eventually being deposited to the mixer.
At the same time, crypto security firm zeroShadow claims that, following an alert from BTC exchange BitcoinVN regarding abnormally high transaction activity with assets tracing back to THORChain, on which ThorSwap runs, they managed to freeze $700,000 before the funds were exchanged for the privacy-oriented monero (XMR) cryptocurrency.
The heist was initially discovered by blockchain protection expert ZachXBT on January 16th. According to him, on January 10th at approximately 11 p.m. UTC, an unidentified victim lost the aforementioned millions through a hardware wallet social engineering operation.
“The attacker began converting the stolen LTC and BTC to Monero via multiple instant exchanges, causing the XMR price to sharply increase. BTC was also bridged to Ethereum, Ripple, and Litecoin via THORChain,” the security researcher stated at that time.

Following the attack, XMR surged approximately 70% over the subsequent days, although it has since given back some of those gains.
While the identity of the victim remains unknown—whether an individual or an institution—ZachXBT asserts that the notorious North Korean threat actors are not responsible for this crime.
As previously documented, criminals are increasingly leveraging social engineering tactics to deceive users into surrendering their crypto holdings. This pattern is frequently amplified by compromised or stolen user information.
For instance, the recent incident once more implicated leading hardware wallet manufacturer Ledger, whose customer information, including names and contact details, was compromised through its third-party retail and e-commerce platform, Global-e, earlier this January.
Meanwhile, as also documented, social engineering has resulted in hundreds of millions of dollars in damages for customers of the leading crypto exchange Coinbase.



