Hackers steal $3.05m XRP from cold wallet, ZachXBT traces funds
Crypto investigator ZachXBT traced the funds of a victim who lost their life savings of $3.05 million in XRP.
- A victim lost their life savings of $3.05M worth of XRP from an Ellipal cold wallet
- The hack happened after the victim imported their seed phrase into Ellipal’s mobile app
- ZachXBT traced the funds to a Southeast Asian laundering ring
Self-custody is a powerful tool for security, but only if users know what they are doing. On Sunday, Oct. 19, crypto investigator ZachXBT revealed a case of a victim losing $3.05 million in XRP from a cold wallet. The investigator ultimately traced the funds to a Southeast Asian crypto laundering ring.
The initial theft happened on Oct. 12, when attackers drained the victim’s XRP wallet. The victim used an Ellipal hardware wallet, which markets itself as a cold wallet. However, the victim made the mistake of importing their seed phrase into the Ellipal mobile app.
This effectively turned the cold wallet into a hot wallet: the seed phrase, and with it the wallet's keys, now sat on an internet-connected device. ZachXBT explained that importing a seed phrase into a mobile app completely defeats the purpose of cold storage and exposes users to hacks.
How hackers laundered $3.05 million in XRP
Following the breach, hackers used the cross-chain bridge Bridgers to swap the XRP into Tron (TRX) in over 120 transactions. The transactions appeared to go to Binance, but this was actually part of Bridgers’ liquidity path.
After the laundering steps, the attackers moved all tokens into a single Tron wallet, making it easier to move the funds off-chain. For that purpose, they used OTC desks adjacent to Huione, a Southeast Asia–based illicit online marketplace.
According to ZachXBT, Huione has connections to hacks, pig-butchering scams, money laundering, and more. The exchange has also been sanctioned by the U.S. government for facilitating massive illicit crypto flows.