- Attacker used phishing and trust-building tactics to steal 3,520 BTC from an elderly crypto holder.
- Stolen Bitcoin was funneled through exchanges and converted to Monero, spiking its price drastically.
- The BTC’s origins raise suspicion of early-mined coins, suggesting deeper planning or insider access.
One of the biggest thefts in crypto history has come to light. This time, the victim of the theft was not a major exchange or defi protocol, but an elderly American citizen. The attacker stole around $330 million worth of Bitcoin using social engineering rather than technical expertise, as is common in personal thefts. Here’s how the theft went down according to on-chain investigator, Zach XBT.
3,520 BTC Vanishes in a Weekend
Over the weekend, around 3,520 BTC (worth around $330 million at the time) was transferred out of the victim’s wallet. The attacker then sent the stolen funds through at least six centralized exchanges. As if this was not enough to cover their trail, the attacker converted the Bitcoin into Monero (XMR), which is known for its untraceable transactions.
This sudden disappearance of funds caused a major surge in Monero’s price, raising it by around 50% within a day. The move not only shook up the markets due to Monero’s low liquidity but it also showed how high-value swaps can easily affect token prices.
What Is a Social Engineering Scam?
Scammers utilize social engineering methods instead of targeting software code vulnerabilities because they prey on human vulnerabilities. Code attacks are not the focus of these scams which instead use deception to steal sensitive data from victims. Scammers gradually establish trust with victims so they disclose their passwords and personal information along with wallet seed phrases and private keys.
According to ZachXBT, the thief deceived the victim into voluntarily giving access to their wallet, likely through phishing emails, fake support chats or impersonation. These methods are common in scams that target crypto holders, especially those who may not be tech-savvy (like the elderly or crypto newcomers).
In this case, the victim’s age may have made them more vulnerable according to ZachXBT. While further details are still private, the attacker likely spent time building trust with their victim, with the end goal of gaining control of their funds.
The Origins of the Bitcoin
ZachXBT also noted that the stolen Bitcoin came from “interesting sources.” These funds are believed to have been held for many years and could have been early-mined coins, or BTC that was purchased before regulations/KYC checks became tight.
This conundrum raises a few questions. Did the attacker target this specific person because of the type of Bitcoin they owned?
If the attacker specifically targeted this individual, how did they trace the wallet back to the victim? Could someone with inside knowledge have been involved? This massive $330 million Bitcoin theft from an elderly American raises the unsettling possibility of an internal connection. Prior to this incident coming to light, Immunefi had reported approximately $92.5 million in crypto-related losses for April 2025.
However, this single incident has pushed the total nearly towards a 400% increase and a value of more than $420 million. This means that April is now officially one of the most devastating months in recent memory for crypto security.
Despite the scale of the theft, no U.S. law enforcement agency has confirmed an investigation. However, due to the use of U.S.-based exchanges and the victim’s location, federal agencies like the FBI and the DOJ are likely to get involved very soon.