In January 2026, a crypto holder lost an estimated $282 million in Bitcoin and Litecoin due to a social engineering incident. The user protected their assets with a hardware wallet but was tricked into sending them to an attacker through a customer support social engineering scam.
Inside the Attack
Hardware wallets are a security best practice in the crypto space. Storing keys on these wallets reduces the risk that they will be stolen by an attacker via malware or other means. However, they don’t defend against social engineering hacks.
In the largest social engineering hack of a crypto user to date, an attacker impersonated the customer support team from Trezor to steal an estimated $282 million from a crypto holder. As part of the scam, the attacker convinced the user to hand over the seed phrase for their hardware wallet.
Seed phrases or mnemonic phrases are a series of words that represent a private key. Since these are easier to remember, write down, and enter into a system without making a mistake, they improve the usability of crypto wallets. However, these phrases are equivalent to a private key, and someone with a seed phrase can calculate the corresponding key and generate valid digital signatures for the targeted account(s). For hardware wallets, a seed phrase is used as the basis for generating a set of private keys used to secure other on-chain accounts.
In this case, the attacker drained about $282 million in BTC and LTC from the accounts secured by the hardware wallet. Some of the funds were converted to Monero, and some Bitcoin was transferred to Ethereum, Ripple, and Litecoin.
Lessons Learned from the Attack
This social engineering attack demonstrated the importance of considering attack vectors that target the human in addition to those exploiting technical vulnerabilities. In this case, the target of the attack used a hardware wallet, and that wallet wasn’t compromised through cryptographic failures, supply chain issues, or similar threats.
Instead, the attacker tricked the user into revealing a highly sensitive piece of information: the seed phrase for their hardware wallet. With this information, the protection offered by the hardware wallet is nullified since every key it contains can be calculated using this phrase. For this reason, no legitimate customer support service will ask for the seed phrase of a user’s hardware wallet.
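Why the phrase alone is enough, shown as an added example that is not part of the original article: it assumes the wallet follows the BIP-39 and BIP-32 standards with SLIP-44 coin types (the article does not name the scheme) and uses the public all-zero-entropy BIP-39 test phrase as sample input. The function names are hypothetical, and the wordlist checksum is not validated.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order, used by BIP-32 for child key arithmetic
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000
# Public BIP-39 test phrase (all-zero entropy), used here as sample input only
PHRASE = "abandon " * 11 + "about"

def mnemonic_to_seed(phrase: str, passphrase: str = "") -> bytes:
    """BIP-39: the words are the PBKDF2 password; no device secret is involved."""
    pw = unicodedata.normalize("NFKD", phrase).encode()
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode()
    return hashlib.pbkdf2_hmac("sha512", pw, salt, 2048, dklen=64)

def master_key(seed: bytes):
    """BIP-32: HMAC-SHA512 output splits into master private key and chain code."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(i[:32], "big"), i[32:]

def hardened_child(key: int, chain: bytes, index: int):
    """BIP-32 hardened derivation; needs only the parent private key."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    i = hmac.new(chain, data, hashlib.sha512).digest()
    # BIP-32 rejects the (astronomically unlikely) case IL >= N; omitted for brevity
    return (int.from_bytes(i[:32], "big") + key) % N, i[32:]

def account_key(phrase: str, coin_type: int, passphrase: str = "") -> bytes:
    """Account-level private key at m/44'/coin_type'/0' (SLIP-44: BTC=0, LTC=2)."""
    key, chain = master_key(mnemonic_to_seed(phrase, passphrase))
    for index in (44, coin_type, 0):
        key, chain = hardened_child(key, chain, index)
    return key.to_bytes(32, "big")

if __name__ == "__main__":
    for name, coin in (("BTC", 0), ("LTC", 2)):
        print(name, account_key(PHRASE, coin).hex()[:16] + "...")
```

Every step is a deterministic function of the words, which is why the device adds no protection once they are disclosed. The `passphrase` argument is BIP-39's optional extra secret: keys derived under a non-empty passphrase cannot be recomputed from the words alone.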
Social engineering is a major threat to private keys, but it’s not the only one.
