- $3M in XRP was stolen from an Ellipal wallet and laundered through the Huione network using complex cross-chain transfers.
- The theft exposed widespread confusion between hot and cold wallets, leading to major user losses through social engineering.
- Blockchain tracing by ZachXBT revealed how illicit funds flow through exchanges and OTC brokers despite compliance controls.
A massive crypto theft worth $3.05 million has put the spotlight on wallet safety and user mistakes. The case, which surfaced through a viral YouTube video, involved a US-based investor who lost 1.2 million XRP from their Ellipal wallet. Blockchain investigator ZachXBT traced the stolen funds and shared detailed findings on X, outlining how the theft unfolded and where the money ended up.
Funds Traced Across Chains and Laundered via Huione Network
According to ZachXBT, the attacker moved swiftly to launder the stolen XRP through a series of conversions. “The attacker created 120+ Ripple -> Tron orders via Bridgers on Oct 12, 2025,” he explained. The transactions appeared as Binance activity since Bridgers, formerly SWFT, uses the exchange for liquidity.
Consequently, the funds were consolidated on Tron at the address TGF3…2bYw before being routed to over-the-counter (OTC) brokers linked to Huione, an illicit marketplace operating in Southeast Asia.
ZachXBT added that Huione has facilitated billions in illicit fund movements from scams, trafficking, and hacks. He also noted, “I hope centralized exchanges and stablecoin issuers implement stricter controls as they are one of the bigger threats impacting the longevity of our space.”
Confusion Over Wallet Type and Industry Lessons
The analyst emphasized that user confusion between custodial and non-custodial wallets often leads to such losses. “The XRP victim thought they were using the Ellipal cold wallet product when it was a hot wallet,” he said. Many similar scams involve social engineering, where victims unknowingly move funds to compromised wallets.
Moreover, ZachXBT warned against predatory recovery firms that exploit victims. He revealed that most charge heavy fees but deliver minimal actionable data. “Bad firms would have stopped tracing this XRP theft at Binance,” he added, stressing the need for expertise in tracing multi-chain laundering paths.
Law enforcement delays also compound the issue. The victim reportedly struggled to reach US authorities promptly. ZachXBT mentioned that countries like the US, Singapore, and France handle such cases better, though outcomes vary based on assigned officers.
