Millions Gone in a Phone Call: The Latest Social Engineering Scam
What a record-breaking crypto scam can teach everyone about spotting support fraud
No system was hacked. No code was broken. A person with $91 million on the line was tricked into handing it all over.
On August 19, 2025, the victim thought he was speaking with support staff from a cryptocurrency exchange and his hardware wallet provider. In reality, he was talking to scammers. Within hours, his entire balance (783 Bitcoin, worth about $91 million) was drained, split into smaller transactions, and pushed through a tool designed to obscure the trail.
This wasn’t the first high-profile social engineering theft, and it won’t be the last. What makes this story worth your attention isn’t the dollar amount. It’s how simple the playbook was, and how preventable it could have been.
And even if you aren’t into crypto, this matters. The same tactics scammers used here are the ones they use against everyday bank accounts, email logins, and even medical portals.
The Anatomy of the $91M Scam
Here’s what we know.
On August 19, 2025, the victim received what looked like legitimate communication from customer support. The scammers posed as representatives from both a cryptocurrency exchange and a hardware wallet company. In other words, the two places this person trusted most to keep his money safe.
They convinced the victim that there was a serious issue with his account and that quick action was needed. Under pressure, the victim followed the instructions, and in doing so, unknowingly gave the scammers access to his funds.
Within hours, the money was gone. The attackers quickly moved it into smaller pieces and ran it through privacy tools designed to make digital transactions harder to trace. By the time investigators pieced together what happened, the trail was already cold.
What makes this especially painful is that no “hack” was required. The security technology worked exactly as it was supposed to. The weak link was trust, and the scammers knew how to exploit it.
Why Social Engineering Works So Well
Social engineering attacks like this one succeed for three main reasons:
They target trust, not technology
When someone sounds official, it’s natural to believe them, especially if they claim to be from a company you already use.
They exploit urgency
Scammers create pressure. “Your account is at risk.” “We need to verify right away.” That sense of crisis gets people to skip their normal safeguards.
Crypto makes the payoff instant
In traditional finance, wire transfers can be reversed, and fraud detection systems often flag suspicious activity. In crypto, once you sign a transaction, it’s gone forever.
This combination is why attackers don’t need to be technical geniuses. They just need to be convincing enough on the phone.
The Role of Data Breaches
One thread worth pulling on is how much data breaches fuel scams like this.
When a company leaks your personal information, whether it’s a phone number, email, or account details, it becomes part of a massive underground dataset. Scammers use these details to craft messages or calls that feel authentic.
It’s one thing to get a generic “Your account is compromised” text. It’s another to get a call from someone who knows:
Which exchange you use.
What kind of hardware wallet you have.
Your personal email address.
That level of detail is only possible because of breaches. And since breaches keep happening, attackers have a nearly endless supply of targets.
This is why reducing your digital footprint (removing your data from people-search sites, limiting the information you give to companies, using disposable emails) pays off. It makes you less of a bullseye.
How to Protect Yourself
Scammers don’t just target crypto users. The same tactics show up in bank fraud, tech support scams, and even fake IRS calls. Here’s a practical checklist you can use in everyday life to make yourself a harder target:
1. Mindset: Default to distrust
Treat every unexpected call, text, or email as suspicious until proven otherwise.
If someone claims there’s an urgent problem, hang up and contact the company directly using the phone number on your bank card, credit card, or other trusted source (FYI, a public website is a low-trust source).
2. Tech setup: Build safer defaults
Use two-factor authentication, but avoid text-message codes if you can; use an authenticator app or hardware key instead.
Keep your main accounts (email, bank, cloud storage) locked down with strong, unique passwords stored in a password manager.
Update your devices regularly so security patches are in place.
3. Privacy tools: Shrink your digital footprint