3 min read
A crypto investor lost 783 Bitcoin—valued at $91 million at the time of the attack—on Tuesday after falling victim to a social engineering scam, according to the pseudonymous blockchain sleuth ZachXBT.
The investigator said in a message on Telegram that the victim was approached by individuals impersonating customer support representatives for a hardware wallet manufacturer and a cryptocurrency exchange. The investigator did not identify the impersonated companies in question.
As of this writing, 783 Bitcoin is worth about $88 million, with the price of BTC falling in recent days.
The threat actor made several deposits to Wasabi Wallet, a privacy-focused Bitcoin “mixer” that suspended its services for U.S. users last year, as “the stolen funds began to peel off” across multiple digital wallets, according to ZachXBT.
Social engineering attacks can be lucrative in the cryptosphere. ZachXBT noted in the message that Tuesday’s loss took place exactly a year after he alleged three individuals stole 4,064 BTC, worth $243 million at the time, from a separate unnamed individual using similar tactics.
Two individuals were arrested in connection to the scheme in Florida a month later, after allegedly spending the funds on luxury cars, watches, and real estate. Targeting a creditor of collapsed crypto lender Genesis, they allegedly impersonated members of Google’s support team, convincing the victim to adjust their two-factor authentication settings.
Some social engineering scams are more complex than others. It can be as unsophisticated as “SIM swapping,” where criminals try to convince a mobile service provider to transfer a victim’s phone service to a device in their possession, according to an annual FBI report.
Infamously, an SEC staff member fell victim to a SIM swapping attack in 2024, preceding the debut of spot Bitcoin exchange-traded funds in the U.S. The regulator’s X account prematurely said that the ETFs had been approved, and an Alambama later received a 14-month prison sentence for his role in facilitating the scheme.
The Bureau explicitly warned against social engineering scams in April of last year, warning that impersonating employees is also a common social engineering tactic, along with call forwarding to access victims’ phone numbers and phishing campaigns to collect sensitive information.
Job-seekers aren’t safe either. In February, cybersecurity website Bleeping Computer identified a social engineering scam in which the hacking group Crazy Evil created a fake crypto company to get applicants to download wallet-draining malware.
Decrypt-a-cookie
This website or its third-party tools use cookies. Cookie policy By clicking the accept button, you agree to the use of cookies.