Hackers exploit data breaches to steal $89M in bitcoin

Published: 22 August 2025
Last updated: 22 August 2025
hands giving away bitcoin folder with personal data crypto data theft
Image by Cybernews.

The abundance of personal information available online makes criminals' work easier, as a recent major social engineering attack has shown. It left one victim without dozens of millions of USD worth of bitcoin (BTC).

Blockchain sleuth ZachXBT said that an undisclosed victim of a social engineering scam lost 783 BTC ($89 million) on August 19th as their exchange and hardware wallet customer support were impersonated.

The criminal covered their tracks using various techniques, including sending the funds to the Wasabi wallet to erase the transaction history of the stolen BTC.

ADVERTISEMENT

"Coincidentally, this theft happened on the one-year anniversary of the $243M Genesis Creditor theft," the sleuth noted, sharing the theft address and adding that it wasn’t North Korea-affiliated hackers this time. At the time of writing, the address holds no BTC.

wasabi wallet logo delete history crypto currency
Image by Cybernews.

According to ZachXBT, these types of attacks are possible because threat actors can easily find and exploit potential victims' personal information online due to multiple data breaches.

The blockchain sleuth suggested assuming that every call or email you receive is a scam by default. This attitude becomes even more relevant as AI-powered fakes become more convincing and more difficult to spot.

"It feels like the entire system is stacked against you when it comes to keeping your personal information out of the hands of bad actors," @depressivehacks reacted on the X platform, suggesting that a person would possibly need to never use any online service to protect oneself from data breaches.

As reported by Cybernews.com, scammers are impersonating all players in the crypto industry, from exchanges to hardware wallet manufacturers. For example, this past spring, scammers were impersonating hardware wallet company Ledger by sending physical letters to potential victims regarding "mandatory wallet validation" following "a critical security update."

Meanwhile, the FBI has also previously offered multiple measures for protecting oneself from social engineering.

These include: not replying to calls, emails, or text messages that request personal information, such as your password, PIN, or any one-time password sent to your email or phone, and avoiding posting personal information online, such as mobile phone number, address, or other personally identifying information.

ADVERTISEMENT
Share
Post
Share
Share
Share
More from Cybernews
Nadella scoffs at AI giants as Microsoft may host China’s DeepSeek
Cruel cyber training in Canada: testing if exhausted employees would fall for a 'day off' scam
Cloudflare gives AI agents temporary accounts to deploy websites without human logins
Developers giving attackers a free ride after hundreds of iPhone AI apps found exposing credentials
This tiny European country is pioneering digital ID for AI agents
Canadian lender TD tells some employees it will use software to monitor their work
ADVERTISEMENT