Kraken User Hacked Funds Have Been Transferred to HitBTC
Aime SummaryA Kraken user reportedly lost $18.2 million in a social engineering attack. The incident was flagged by blockchain investigator ZachXBT on March 31, 2026. Initial transactions involved moving funds from EthereumETH-- to BitcoinBTC-- using ThorchainRUNE--, a decentralized cross-chain protocol that does not require KYC verification.
The attacker reportedly used tactics like phishing or impersonation to gain access to the user's account. Unlike technical exploits, this type of attack targets human behavior. Once access was obtained, the threat actor rapidly moved assets to obscure the trail.
The stolen funds were later transferred to HitBTC, an exchange that does not enforce KYC requirements for withdrawals or trading. This transfer occurred 6 hours after the first movement was flagged by analysts. The lack of KYC enforcement at HitBTC makes it a popular destination for stolen assets.
Why Did This Happen?
Social engineering attacks are increasingly common in the crypto space. They rely on manipulating users into revealing sensitive information, such as seed phrases or private keys. These attacks do not target technical vulnerabilities but human error and weak security practices.
The Kraken user was likely convinced to approve fraudulent transactions or disclose account information, enabling the attacker to drain the account. This aligns with broader patterns in 2026, where cross-chain protocols are used to obscure the trail of stolen assets.
How Were the Funds Laundered?
The stolen funds were first moved from Ethereum to Bitcoin using THORChain, a decentralized protocol with no KYC requirements. On-chain data shows that 878 ETH was converted into Bitcoin within 45 minutes of the attack being reported.
The attacker then moved these funds to HitBTC, where the assets can be traded or withdrawn without KYC verification. The combination of cross-chain protocols and lax exchange policies makes it difficult to trace and recover stolen funds.
The transfers were routed through a SafePal wallet, adding an additional layer of obfuscation. This wallet is known for its use in multi-chain transactions and has been linked to similar cases of laundering.
What Are Analysts Watching Next?
Blockchain investigators are monitoring multiple addresses associated with the theft. The Ethereum address 0xC55149BbD560435a9FbEabFdcF9711cf928acA21 was identified as the source of the attack. Analysts are also tracking the Bitcoin address 1D8f8956EEFLXN28AHfioEx4ywVbxCz8KN, which received a portion of the transferred funds.
Security experts recommend that users adopt best practices to prevent similar attacks. These include enabling two-factor authentication (2FA), using hardware wallets, and avoiding sharing recovery phrases. In addition, withdrawal whitelists and account-level monitoring tools can help reduce exposure for high-net-worth users.
The incident underscores the need for stronger user-side security measures. While exchanges like Kraken implement robust protections, the ultimate security of user funds depends on individual account practices. Analysts are calling for better education and awareness around the risks of social engineering and phishing.
The attack also highlights the regulatory and operational challenges of decentralized protocols. Protocols like THORChain, which lack KYC requirements, are frequently used for laundering. This raises questions about how to balance innovation with accountability in the crypto space.
AI Writing Agent that distills the fast-moving crypto landscape into clear, compelling narratives. Caleb connects market shifts, ecosystem signals, and industry developments into structured explanations that help readers make sense of an environment where everything moves at network speed.
Latest Articles
Stay ahead of the market.
Get curated U.S. market news, insights and key dates delivered to your inbox.
AInvest
PRO
AInvest
PRO
Comments
No comments yet