The promise of marketing is real. Hardware wallets protect private keys by storing them in a physical area that is separate from the internet. You have to check transactions by hand. You shouldn't trust anyone, but math and cryptography will keep your crypto safe. Someone lost $282 million in Bitcoin and Litecoin on January 10, 2026, nevertheless, and no code was violated. The attacker didn't crack encryption or get past firmware; they only asked for the seed phrase, and the victim handed it to them. The technology worked fine. This was an illustration of how psychology may be used to hurt others. It proved that the person who holds the digital asset is the weakest link, not the gear.
Many users believe that using hardware wallets is one of the most secure methods available for securing assets from theft. Companies such as Ledger and Trezor claim that their hardware wallets are "unhackable" because all private keys will never come into contact with online hardware, requiring users to manually approve every transaction by pressing physical buttons.
The hardware wallet provides an added layer of security by keeping the user's assets secure even when a user's computer has been compromised; however, the biggest vulnerability to the hardware wallet is the assumption that a user will never divulge their 24-word seed phrase (the master key).
The company ZeroShadow conducted an investigation into a recent attack that occurred when a hacker pretended to work for Trezor support. By using an urgent tone, the hacker convinced the victim to provide the backup for their wallet. Once the hacker had possession of the seed phrase, there were no other technical controls to protect the wallet from the hacker. The attacker then regained access to the wallet on their device, resulting in an unimaginable theft of 2.05 million Litecoin and 1,459 Bitcoin. The entire crime occurred within minutes after which the stolen funds were rapidly sent through many transactions to obfuscate their source by converting the stolen bitcoins into the cryptocurrency Monero, which provides anonymity for its users.
With the $282 million theft, the biggest single cryptocurrency heist of 2026 to date, many are wondering if this is really the largest theft in crypto history; however, this was not the first. Sixteen months ago there was a theft of $243 million when threat actors made fake phone calls (from Google and Gemini Support) to their victims, convincing them to disable two-factor authentication and grant access to someone else's screens, thereby making the victim's private keys publicly available. With this operation, also known as 'recovery scams', twelve people have been charged.
Additionally, in April 2025, an elderly American lost $330 million in Bitcoin which had been stored unused since 2017 by being misled into believing that they were giving out access to their Bitcoin wallet. The scammers immediately transferred the funds from the victim's wallet to over 300 different cryptocurrency wallets and twenty different exchanges. Although it was the fifth largest cryptocurrency theft, it is not associated with malware or any type of technical exploit; instead, it is an example of how individuals' confidence can be exploited by these types of attacks.
Finally, between January and early December 2025, $3.4 billion worth of cryptocurrency was taken through theft. The example of the American that lost $9.3 billion to the crypto theives in 2024 should serve as testament that there are certain periods when crypto theft increases at an accelerated rate and certain times when the volume of stolen digital assets is reduced. For example, during the decline the number of stolen assets from the beginning of 2025 to the end of this period was roughly 60% ($194.3M in Nov, $76M in Dec) while the increase of attacks through social engineering methods was at a record high. Therefore, the attacks over the past decade have taken" an entirely new direction to target individuals that are under the greatest amount of stress. In this case, the scammers are exploiting the victims' personal issues (i.e. family death, divorce, illness/great loss), therefore they are more likely to trust they were dealing with a representative of a legitimate company.
In the cryptocurrency world, users have a greater level of independence because they can hold their funds directly as opposed to through another institution. The adage, "If you don't hold the private keys to your own wallet, you are not really the owner," reflects this belief. However this independence can create security concerns. When you keep your funds independently, you are responsible for protecting your digital assets from being stolen or compromised. When you send a coin back to your wallet, there is no way for a bank to reverse that transaction. This is unlike the traditional financial system, where you can contact the bank and ask for help. Because Blockchain technology is irreversible, an impulsive decision may involve relinquishing funds to hackers forever.
"If you receive an unexpected e-mail, phone call, text, or any type of communication, it's a potential attack," says Navin Gupta, CEO of Crystal blockchain analytics. This shift in mindset can eliminate 80 percent of the attack vectors. The real challenge is, while many people own cryptocurrency, most of them are not trained cybersecurity professionals; they are regular everyday people who have large sums of money at stake. Cybercriminals have learned how to manipulate people into making hasty decisions based on fear and false authority.
After attackers have taken control of a victim's account, the use of laundered infrastructure allows the attackers to make changes quickly. The attackers used fast exchanges to turn their stolen bitcoin and litecoin into Monero (XMR), which increased the price of XMR from $450 to $800 (a 36% increase). THORChain enabled the creation of connections between parts of the network (e.g., XMR, ETH, XRP and LTC) without requiring any information about a user.
Hacken followed $284 million being laundered via peel chains; a technique that splits large volumes of cash into smaller quantities and sends the cash through multiple wallets over hundreds of thousands of exchanges. In April 2025, more than 300 separate wallets and 20 exchanges moved $330 million through them in a time frame of about 20 minutes. ZeroShadow was able to freeze about $700,000 of laundered money (less than 0.25%) within approximately 20 minutes after the laundering activities began. Most of the funds included in the laundering chain were successfully laundered, which is evidence of the advantages a crypto network's permissionless and decentralized design offers criminals over law enforcement agencies.
Technical fixes are not an option against social engineering attacks since the issue arises because of how people think rather than what the code contains. To keep yourself safe from such threats, you need to be a disciplined individual in your behaviors. This is due to the fact that someone will likely make an attempt to manipulate you in the future. Therefore, you should never provide your seed phrases to anyone. The manufacturer of hardware wallets will never ask for your private key or backup phrases. If you receive an unsolicited email or text message that appears to be from your wallet provider and requests that you provide your private key or seed phrase, it is a scam.
Before responding to any email or text message regarding your wallet account, ensure that every contact is legitimate. NEVER click on any links or call any numbers in an email or text message that claims that your wallet account has been compromised. Instead, manually locate the wallet provider's website or social media page, or provide proof of contact through verifiable channels to verify any potential fraudulent contact made concerning your wallet account. Consider using multi-signatures for large amounts of cryptocurrency and/or using time-locked structures for your wallet so that even if your key is compromised, immediate access cannot be gained to your funds.
The $282 million heist shows that even the best security systems for cryptocurrencies fail when people make bad decisions because of stress. Hardware wallets protect private keys properly, but they can't protect people who willingly give such keys to people who pretend to be them. As long as crypto depends on people being responsible, social engineering will be the best way for hackers to get into the business. The tech works. People who use it are still learning how to avoid weaponized trust.
Just Now
Dear LBank User
Our online customer service system is currently experiencing connection issues. We are working actively to resolve the problem, but at this time we cannot provide an exact recovery timeline. We sincerely apologize for any inconvenience this may cause.
If you need assistance, please contact us via email and we will reply as soon as possible.
Thank you for your understanding and patience.
LBank Customer Support Team