On January 10, 2026, blockchain investigator ZachXBT exposed a sophisticated hardware wallet engineering scam that resulted in the theft of over $282 million in cryptocurrency. The attack, which occurred around 11:00 p.m. UTC, specifically targeted the supply chain of physical hardware wallets, compromising the devices during manufacturing to gain unauthorized access to private keys.
The stolen assets comprised 2.05 million Litecoin (LTC) and 1,459 Bitcoin (BTC). This theft surpasses the previous record for a social engineering attack set in August 2024, which involved $243 million. Following the heist, the attacker began converting large portions of the stolen BTC and LTC into Monero (XMR) via multiple instant exchanges. This activity created significant buy-side pressure, causing the price of Monero to surge by over 15% within hours.
ZachXBT's detailed on-chain analysis further revealed the attacker's use of THORChain (RUNE), a decentralized cross-chain liquidity protocol, to bridge the stolen Bitcoin onto other networks including Ethereum (ETH), Ripple (XRP), and back onto Litecoin. This tactic was employed to fragment and obfuscate the trail of the stolen funds, complicating tracking efforts.
The incident forces a critical reevaluation of hardware wallet security, challenging the assumption that these devices are impervious to attack if the supply chain is compromised. It highlights the persistent threat of social engineering and sophisticated supply chain attacks in the crypto space, underscoring the intricate link between large-scale thefts and subsequent market movements in privacy-focused assets.
