Overview
- On-chain analyst ZachXBT flagged the January 10 breach as 1,459 BTC and roughly 2.05 million LTC were moved within minutes.
- The attacker reportedly impersonated Trezor support to obtain the victim’s seed phrase, enabling full wallet restoration and control.
- Funds were fragmented through instant swap services and THORChain bridges, with large conversions into privacy-focused Monero.
- Security firm ZeroShadow said it froze about $700,000 shortly after the theft, while most of the roughly $282 million remains unrecovered.
- ZachXBT dismissed state-sponsored involvement, and analysts noted an unusual Monero price surge that coincided with the laundering activity.