$89 Million Gone: How Social Engineering Stole a Fortune in Bitcoin
A massive cryptocurrency theft has once again revealed how vulnerable users remain to the manipulations of social engineering. On August 19, an anonymous Bitcoin holder was stripped of 783 BTC — roughly $89 million — after fraudsters posed as support staff from both a cryptocurrency exchange and a hardware wallet manufacturer.
According to blockchain investigator ZachXBT, the criminals took meticulous steps to erase their tracks: the stolen funds were funneled through a Wasabi wallet, a tool designed to obscure transaction histories. By the time of reporting, the address had already been emptied. Strikingly, the incident coincided with the anniversary of another major heist — in August 2024, attackers stole $243 million from Genesis creditors. This time, however, ZachXBT noted that North Korean hackers were not involved.
Such attacks are largely enabled by the vast reservoirs of personal data exposed through countless online service breaches. A phone number, an email address, or even minor personal details can empower criminals to convincingly impersonate company representatives. In an age where artificial intelligence fabricates ever more convincing imitations, discerning a genuine call or message from a fraudulent one has become exceedingly difficult.
In spring 2025, fraudsters employed a similar ruse, sending emails masquerading as official communications from Ledger, warning of a supposed “critical security update” and urging victims to verify their wallets. Following the instructions led directly to the compromise of their devices. Today, such counterfeit campaigns engulf the entire crypto ecosystem: not only hardware wallet makers but also exchanges, custodial services, and virtually any company tied to digital assets are being imitated.
The FBI, in its advisories, underscores a crucial principle: never respond to calls, emails, or messages that request passwords, PIN codes, or one-time verification codes sent via SMS or email. Equally dangerous is the public sharing of personal details such as mobile numbers, home addresses, or any other identifying information.
The theft of nearly $90 million serves as a stark reminder: in a world where data breaches have become routine, the only viable defense is to assume by default that every unsolicited interaction may well be an attempt at deception.