Bitcoin Theft: $330.7 Million Stolen in Fifth-Largest Crypto Hack

An elderly individual from the United States has fallen victim to a significant Bitcoin theft, with a reported $330 million in cryptocurrency stolen. This incident is now recognized as the fifth-largest crypto hack in history. The attacker employed advanced social engineering tactics to gain unauthorized access to the victim’s wallet, as detailed by onchain investigator ZachXBT in an April 30 update.

The theft occurred on April 28, 2025, when ZachXBT identified a suspicious transfer involving 3,520 Bitcoin (BTC), valued at $330.7 million. Following the transfer, the stolen Bitcoin was swiftly laundered through over six instant exchanges and converted into the privacy-focused cryptocurrency Monero (XMR). Onchain data reveals that the victim had held over 3,000 BTC since 2017, with no prior history of large-scale transactions.

Once the Bitcoin was stolen, the attacker immediately began laundering it using a peel chain method, a common technique where large sums are broken into smaller, harder-to-trace chunks. Yehor Rudytsia, an onchain researcher at Hacken, explained that the stolen funds were distributed through multiple instant exchanges and mixers, with small amounts being transferred across various new wallets. Over 300 hacker wallets and 20 exchanges or payment services were involved in this process, including Binance.

The complexity of the laundering process was further exacerbated by the rapid conversion of a significant portion of the BTC into XMR. This move triggered a 50% surge in Monero’s price, briefly reaching $339. The privacy-preserving architecture of Monero makes tracing the funds virtually impossible, significantly reducing the chances of recovery. Hakan Unal, senior security operations lead at Cyvers Alerts, noted that the attacker likely had pre-established accounts across multiple exchanges and OTC desks, indicating a high degree of premeditation.

A small portion of the stolen BTC was also bridged to Ethereum and deposited into various platforms, further complicating tracking efforts. Investigators have since alerted exchanges for potential freezing of funds. ZachXBT had previously dismissed the theory that North Korea’s Lazarus Group could have been behind the attack, suggesting that independent hackers were responsible. While attribution remains uncertain, experts agree that the laundering tactics show rare automation and coordination for a heist of this magnitude.

Hacken’s internal tool, Extractor, tracked $284 million worth of BTC funneled through these chains, which now amounts to around $60 million after repeated “peeling” and redistribution across low-credibility exchanges. Rudytsia highlighted that freezing centralized exchange accounts used in the laundering process is challenging due to the slow legal process of police reporting and investigations. Unal recommended using multisignature wallets to eliminate single points of failure, minimizing exposure to hot wallets connected to the internet, regularly rotating private keys, and relying on hardware-based cold storage to safeguard large Bitcoin holdings.

In the first quarter of 2025, hackers stole more than $1.6 billion worth of crypto from exchanges and onchain smart contracts. More than 90% of those losses are attributable to a $1.5 billion attack on Bybit, a centralized cryptocurrency exchange, by North Korean hacking outfit Lazarus Group. This incident underscores the growing sophistication of cyber threats in the cryptocurrency space and the need for enhanced security measures to protect digital assets.