91 million Bitcoin heist: On August 19, 2025, attackers used social engineering to steal 783 BTC (~$91M) from a private holder and immediately routed funds through Wasabi Wallet, complicating tracing and recovery for investigators.
-
Record theft: $91M (783 BTC) taken via social engineering.
-
Funds were quickly mixed with Wasabi Wallet, hindering forensic tracing.
-
Investigation led by independent blockchain researcher ZachXBT; no exchange-level breach detected.
91 million Bitcoin heist: Read the full account of the 783 BTC theft, mixing route, and security steps to protect assets — actionable advice from COINOTAG.
What is the 91 million Bitcoin heist?
The 91 million Bitcoin heist refers to the theft of 783 BTC (approximately $91 million) from a private holder on August 19, 2025, executed through social engineering. Attackers impersonated wallet support, gained access to keys or approval flows, and immediately laundered funds via Wasabi Wallet to frustrate tracing.
How did social engineering enable the theft and what role did Wasabi Wallet play?
Attackers used impersonation tactics to convince the victim to reveal credentials or perform an action that transferred funds. After extraction, funds were sent through Wasabi Wallet, a privacy-focused CoinJoin service, which mixed the BTC and increased on-chain analysis difficulty.
Blockchain investigator ZachXBT publicly tracked the initial movements and noted rapid CoinJoin usage. No centralized exchange withdrawals or known exchange accounts were implicated during the initial tracing window.
Why does this heist matter to crypto security?
This heist underscores a persistent reality: human-factor vulnerabilities remain a leading vector for large losses. Even as technical defenses improve, social engineering can bypass cryptographic protections by exploiting trust and support workflows.
Regulators and institutions are increasingly focused on improving key management and customer authentication to reduce exposure to these tactics.
What evidence links the theft to social engineering?
Chain analysis shows direct movement from the victim wallet to addresses controlled by the attackers, with no preceding smart-contract exploit or protocol-level vulnerability. Public forensic commentary from analysts such as ZachXBT identifies impersonation patterns and the immediate use of a CoinJoin service, consistent with social engineering outcomes.
How can holders protect themselves from similar attacks?
- Use hardware wallets: Keep private keys offline and verify transactions on-device.
- Verify support channels: Contact official support only through documented channels; do not accept unsolicited messages.
- Enable multi-factor and multi-signature: Use multi-party approval for large transfers.
- Practice phishing hygiene: Confirm domains and avoid clicking links in unsolicited messages.
Frequently Asked Questions
How much was stolen in the August 19, 2025 heist?
Investigators confirmed 783 BTC were moved from the victim wallet, valued at approximately $91 million at the time of the theft. The funds were quickly routed through Wasabi Wallet CoinJoin transactions.
Can mixed funds be traced and recovered?
Mixed funds are harder to trace but not necessarily impossible to analyze. Recovery depends on operational errors by attackers, cooperation from custodians, and law enforcement actions. Historically, recovery rates vary and require detailed blockchain forensics.
Key Takeaways
- Massive loss: 783 BTC (~$91M) stolen via social engineering on August 19, 2025.
- Privacy tools used: Attackers used Wasabi Wallet CoinJoin immediately, complicating tracing.
- Protection steps: Hardware wallets, multi-signature custody, and verification of support channels are essential.
Comparison: August 19, 2025 heist vs. notable past breach
| Incident | Date | Amount | Method | Mixing/Tool | Recovery Status |
|---|---|---|---|---|---|
| 91M Bitcoin heist | 2025-08-19 | 783 BTC (~$91M) | Social engineering (support impersonation) | Wasabi Wallet (CoinJoin) | Ongoing investigation |
| Genesis-related breaches (example) | 2024 (series) | Aggregate ~$3.1B (various incidents) | Phishing, theft, platform failures | Varied | Partial recoveries, ongoing litigation |
Conclusion
This incident demonstrates that social engineering remains a high-impact threat even for large holders. COINOTAG recommends immediate adoption of hardware custody, multi-signature policies, and strict verification of support channels. Continued forensic work and improved institutional controls are critical to reduce future losses.
Published: 2025-08-19 Updated: 2025-08-19 Author/Organization: COINOTAG
