Highlights
- A recent court case has unveiled a new level of sophistication in attacks targeting high-net-worth cryptocurrency holders. In a meticulously orchestrated scheme, hackers managed to steal more than $40 million in bitcoin from an individual, despite the owner's use of hardware wallets, which are generally considered one of the most secure methods for cryptocurrency storage.
- The attackers employed a multifaceted approach that included false "death" notifications, a hardware wallet security compromise, support ticket manipulation and multiplatform coordination.
- This case demonstrates that even holders of hardware wallets may be vulnerable to sophisticated social engineering attacks. Cryptocurrency holders who receive unexpected communications about their holdings or unusual account notifications should not click links or provide information but instead should contact their digital asset security advisor directly through previously established channels.
Earlier this year, a complaint was filed in the U.S. District Court for the District of New Jersey alleging a cryptocurrency theft where an unknown hacker stole approximately $40 million in bitcoin from the victim's cryptocurrency wallets. The attack involved a series of sophisticated phishing emails designed to impersonate legitimate communications from Google and a hardware cryptocurrency wallet provider.
The scheme began with the victim receiving a phishing email from a fake Google Workspace Alerts account that falsely claimed he was deceased and referred to a legal matter involving his Google account.
The victim later received another phishing email that appeared to come from the support account of his hardware cryptocurrency wallet provider. It attempted to trick him into providing his extended public key by claiming that his private key recovery service had been initiated – a service to which he had never subscribed. The victim suspected the email was a phishing attempt and contacted the hardware cryptocurrency wallet provider through its legitimate support channel to report the scam. In response, he received a series of misleading emails that attempted to further convince him to follow the fraudulent instructions, including emails misrepresenting that the original phishing email was genuine and urging him to provide his extended public key to protect his assets.
The victim also sought advice from a Reddit group dedicated to issues with the hardware cryptocurrency wallet provider, where he received conflicting advice from users, including one who encouraged him to follow the fraudulent instructions. Approximately an hour after the victim described his situation on Reddit, he discovered that both the account of the user who had responded to his post and his own Reddit account had been deleted.
The incident prompted the victim to take immediate action to secure his assets. He moved his crypto assets from his hardware cryptocurrency wallet to a different wallet and began changing other passwords to prevent further unauthorized access. Despite his efforts, his cryptocurrency wallets were eventually compromised, and 521.99931468 bitcoin was transferred from his wallets to an address controlled by the hacker.
Key Security Lessons
This case demonstrates that even hardware wallets do not protect against sophisticated social engineering attacks. Holland & Knight recommends the following precautions:
- If you receive unexpected communications about your cryptocurrency holdings or unusual account notifications, do not click links or provide information.
- Never share extended public keys or private keys with anyone, regardless of how legitimate the request appears.
- Use multiple authentication factors for all cryptocurrency-related accounts.
- Verify support communications through alternate channels before responding to emails about account security.
- Establish emergency response procedures in advance to quickly freeze accounts if you suspect compromise.
- Consider multi-signature arrangements requiring multiple parties to authorize high-value transactions.
- Store cryptocurrency in hardware wallets (cold storage) and back up recovery phrases offline in physically secure, tamper-evident environments.
- Consider using multiple types of hardware wallets to spread holdings across different platforms to prevent a single point of failure from being catastrophic.
- Avoid publicly revealing your involvement in cryptocurrency on social media platforms, as attackers typically target individuals who advertise their involvement in cryptocurrency.
For high-net-worth individuals seeking to enhance their personal cybersecurity strategy, Holland & Knight's Private Wealth Services – Digital Assets Team offers tailored advice and solutions. Our team is dedicated to helping clients navigate the complexities of digital asset protection and helping ensure their wealth is secure against evolving threats. Additionally, Holland & Knight's Data Strategy Security & Privacy Team focuses on helping clients maximize their data and technological capabilities while managing associated risks and incidents that arise.