Bitcoin social engineering scam led to a loss of 783 BTC (about $91 million at time of theft) after attackers impersonated exchange and hardware-wallet support, then moved funds through multiple wallets and a Wasabi Wallet deposit pattern identified on-chain.
-
783 BTC stolen via support impersonation
-
Stolen funds were moved through multiple wallets and deposited into Wasabi Wallet as they peeled off.
-
On-chain investigator ZachXBT linked the scheme to prior large thefts using similar social engineering tactics.
Meta description: Bitcoin social engineering scam: 783 BTC ($91M) stolen after support impersonation. Learn prevention steps — read now.
What happened in the Bitcoin social engineering scam that stole 783 BTC?
Bitcoin social engineering scam victims were targeted by impersonators posing as hardware-wallet and exchange customer support, convincing one investor to transfer assets. The attacker moved 783 BTC through multiple addresses and made deposits to Wasabi Wallet as the funds were peeled off, according to blockchain investigator ZachXBT.
How did the attacker move 783 BTC after the theft?
The attacker split the 783 BTC across several wallets, then routed portions into Wasabi Wallet deposits to increase privacy. On-chain tracing showed a pattern of small-to-medium sized transfers (“peeling chains”) consistent with laundering strategies observed in prior cases.
Why did impersonation work in this incident?
Attackers used realistic support messaging and phone/Telegram contact to impersonate customer support for a hardware wallet and an exchange. Social engineering exploits trust and urgency; victims are often led to reveal recovery phrases or approve transactions under false pretenses.
What on-chain evidence links this theft to past scams?
Blockchain analysis showed a similar “peel chain” movement to a separate 4,064 BTC theft alleged by the same investigator one year earlier. Patterns include rapid splitting of large balances, intermediary wallets, and deposits to privacy tools like Wasabi Wallet.
How can crypto users protect themselves from social engineering?
Protecting assets requires layered defenses and strict operational security.
- Verify support channels: Always confirm official support contact information on the vendor’s verified website before engaging.
- Never share seeds: Never disclose seed phrases, private keys, or one-time codes to anyone claiming to be support.
- Avoid SMS 2FA: Use authenticator apps or hardware security keys instead of SMS-based two-factor authentication.
- Limit phone-based recovery: Disable call forwarding and routinely check mobile account settings with your carrier.
- Use transaction verification: Independently verify withdrawal addresses and requests using a separate trusted device.
Frequently Asked Questions
How does impersonation lead to large crypto thefts?
Impersonation convinces victims to reveal secrets or change security settings. Combined with tactics like SIM swapping and phishing, attackers can bypass authentication and approve transfers in minutes.
What signs should users watch for to spot a scam?
Warning signs include unsolicited contact claiming urgency, requests for seed phrases or codes, unexpected links or files, and pressure to bypass security processes. Pause and verify before acting.
Key Takeaways
- Major loss: 783 BTC (~$91M) stolen after support impersonation.
- On-chain trace: Funds were peeled across wallets and deposited into Wasabi Wallet.
- Protective actions: Verify official channels, never share seeds, prefer authenticator apps or hardware keys over SMS, and monitor on-chain movements.
Conclusion
This Bitcoin social engineering scam highlights how impersonation of exchange and hardware-wallet support can yield rapid, high-value thefts. Prioritize operational security, verify every support interaction, and use robust authentication to reduce risk. For updates and further guidance, consult COINOTAG resources and official vendor support pages.
On-chain sleuth note: “On Aug 19, 2025 a victim fell for a social engineering scam and lost 783 BTC ($91M) after exchange and hardware wallet customer support were impersonated. The stolen funds began to peel off and deposits to Wasabi were made by the threat actor. Coincidentally this theft…” — ZachXBT (tweet text preserved as plain text)
