- Kraken user loses $18.2M in scam, funds bridged via THORChain within 45 mins.
- Attacker swapped 878 ETH to BTC, using SafePal to obscure the fund trail.
- ZachXBT links case to rising social engineering scams targeting crypto users.
A crypto user on the Kraken exchange has lost $18.2 million in a suspected social engineering scam, according to on-chain investigator ZachXBT.
Notably, ZachXBT revealed that the threat actor began moving funds roughly 45 minutes after the compromise, bridging assets from Ethereum to Bitcoin using THORChain. The attacker utilized a SafePal wallet during the process.
On-chain data shows an initial swap involving 878 ETH worth approximately $1.8 million at the time. The transaction was later completed, converting the funds into 26.6 BTC.
The movement of funds across chains suggests an attempt to obscure the trail and reduce the chances of recovery.
Social Engineering Suspected
While no technical exploit has been confirmed, the nature of the incident points toward social engineering. This is a case where attackers manipulate victims into revealing sensitive access credentials or approving malicious transactions. Such attacks have become common, targeting high-value users on centralized exchanges.
Circle Unfreezes USDC Linked to Separate Incident
In a separate update, ZachXBT noted that Circle recently unfroze USDC tied to the so-called “Goated” hot wallet. The address in question had previously been restricted, though no public explanation was given for the initial freeze.
Further updates indicated that additional wallets, including those associated with “500 Casino & Whale” and the ckUSDC bridge on Dfinity, have also been unfrozen.
The lack of transparency around both the freezing and subsequent unfreezing of these wallets has raised questions within the crypto community.
ZachXBT Uncovers Accounts Using Fear Narratives to Steal Crypto
Last week, ZachXBT exposed a coordinated network of social media accounts using fear-driven war and political narratives to lure users into crypto scams. Over 10 accounts reportedly worked together, amplifying viral “doomposting” content to build massive engagement before pivoting to fake giveaways and pump-and-dump schemes.
One example involved the $ORAMAMA token, which was aggressively promoted by multiple accounts on February 22, 2026, then abruptly abandoned after generating six-figure profits. The operation relies on recycled tactics, including AI-generated personas, account resales, and engagement farming to repeatedly run scams at scale.
ZachXBT warned that such networks could extend beyond crypto fraud to broader misinformation campaigns. As a result, he urged stricter platform enforcement and user vigilance.
Related: ZachXBT Exposes Crypto Scam Network Using War Fear Narratives
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.