{"id":26369,"date":"2025-08-22T09:55:59","date_gmt":"2025-08-22T06:55:59","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=26369"},"modified":"2025-08-22T17:57:18","modified_gmt":"2025-08-22T14:57:18","slug":"bitcoin-investor-defrauded-of-91-million","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/bitcoin-investor-defrauded-of-91-million\/","title":{"rendered":"Bitcoin Investor Defrauded of $91 Million"},"content":{"rendered":"<p>An individual lost 783 BTC (~$91 million) due to a social engineering attack, as reported by on-chain investigator ZachXBT.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">On Aug 19, 2025 a victim fell for a social engineering scam and lost 783 BTC ($91M) after exchange and hardware wallet customer support were impersonated. <\/p>\n<p>The stolen funds began to peel off and deposits to Wasabi were made by the threat actor.<\/p>\n<p>Coincidentally this theft\u2026 <a href=\"https:\/\/t.co\/gglShNo2UC\">pic.twitter.com\/gglShNo2UC<\/a><\/p>\n<p>\u2014 ZachXBT (@zachxbt) <a href=\"https:\/\/twitter.com\/zachxbt\/status\/1958583129356345414?ref_src=twsrc%5Etfw\">August 21, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to him, the incident occurred on August 19 and coincided with the anniversary of the Genesis lender hack, which <a href=\"https:\/\/forklog.com\/en\/news\/expert-suggests-238-million-hack-of-unknown-genesis-trading-creditor\">lost<\/a> $243 million.<\/p>\n<p>The perpetrators posed as representatives of a cryptocurrency exchange and hardware wallet support service. This enabled them to access the bitcoin investor&#8217;s personal data and transfer all funds from his balance in a single transaction.<\/p>\n<p>The hacker began laundering the stolen funds through the privacy-focused Wasabi wallet the day after the theft. ZachXBT <a href=\"https:\/\/x.com\/zachxbt\/status\/1958585553269743668\">ruled out<\/a> the involvement of the North Korean hacker group Lazarus but did not name specific suspects.<\/p>\n<p>In response to a question on how to protect against such attacks, the on-chain investigator <a href=\"https:\/\/x.com\/zachxbt\/status\/1958584127093117223\">advised<\/a> treating any incoming call or email as a potential scam by default.<\/p>\n<p>Earlier, in an interview with ForkLog, Shard&#8217;s Director of Investigations Grigory Osipov <a href=\"https:\/\/forklog.com\/en\/news\/attacks-have-become-more-complex-attacks-have-become-more-deliberate\">noted<\/a> that social engineering is currently the most common type of attack.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThat is, manipulating employees of crypto services or company workers to penetrate vulnerable systems. Thus, there is a kind of combination of social and traditional hacking methods,\u201d he explained.<\/p>\n<\/blockquote>\n<p>Back in May, scammers <a href=\"https:\/\/forklog.com\/en\/news\/fraudsters-steal-45-million-from-coinbase-clients-in-a-week\">stole<\/a> $45 million from Coinbase clients in a week. They posed as exchange support staff and coerced victims into giving access to accounts or transferring funds to external wallets.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An individual lost 783 BTC (~$91 million) due to a social engineering attack.<\/p>\n","protected":false},"author":1,"featured_media":26370,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"ZachXBT ruled out the involvement of North Korean hackers Lazarus","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[18,44,1246],"class_list":["post-26369","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-bitcoin","tag-cybercrime","tag-scammers"],"aioseo_notices":[],"amp_enabled":true,"views":"362","promo_type":"1","layout_type":"1","short_excerpt":"ZachXBT ruled out the involvement of North Korean hackers Lazarus","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/26369","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=26369"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/26369\/revisions"}],"predecessor-version":[{"id":26371,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/26369\/revisions\/26371"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/26370"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=26369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=26369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=26369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}