A cryptocurrency investor lost over $282 million in Bitcoin and Litecoin after scammers impersonated Trezor support to steal a recovery seed phrase. The theft, revealed on January 16, 2026, by investigator ZachXBT, involved 1,459 Bitcoin and 2.05 million Litecoin stolen on January 10. The attacker laundered funds through Thorchain and converted them to Monero, causing the privacy coin's price to surge 36%.
On January 10, 2026, around 11 pm UTC, a crypto holder fell victim to a social engineering scam targeting Trezor hardware wallets, one of the most secure storage methods since private keys remain on the device. The attackers impersonated Trezor customer support, tricking the victim into revealing their recovery seed phrase and gaining full control of the assets. This resulted in the theft of 1,459 Bitcoin (BTC) and 2.05 million Litecoin (LTC), totaling more than $282 million—the largest individual crypto heist of 2026 so far.
Blockchain investigator ZachXBT disclosed the breach on January 16, tracking the stolen funds across multiple chains. Cybersecurity firm ZeroShadow confirmed the impersonation tactic and monitored the laundering process. The attacker used Thorchain, a decentralized exchange, to bridge the Bitcoin into Ethereum (ETH), Ripple (XRP), and Litecoin networks, drawing criticism for facilitating criminal activity.
A significant portion of the loot was then swapped into Monero (XMR), a privacy-focused cryptocurrency that obscures transaction details. ZeroShadow intervened, freezing over $1 million before it could be converted. Despite this, the large-scale buying pressure drove Monero's price up 36% over seven days, peaking near $800 before correcting to about $621.
“ZeroShadow tracked the outbound flows and froze over $1M before it could be swapped into XMR. The activity that could get through is likely increasing XMR’s price,” ZeroShadow stated.
This incident is part of a broader January 2026 campaign draining hundreds of wallets across EVM-compatible chains, with smaller individual losses typically under $2,000. Blockchain analytics firm Chainalysis reported a 1,400% year-over-year increase in impersonation scams, with average losses rising over 600%. In contrast, December 2025 saw 26 major exploits totaling $76 million in losses, a 60% decline from November's $194.27 million, per PeckShield. The rebound in January highlights ongoing security challenges in the sector, emphasizing the need for users to verify communications through official channels and avoid sharing seed phrases.
