Hacker steals $3 million worth of XRP from Ellipal wallet in the US

• User loses $3 million in XRP after hack
• Diverted funds pass through bridges and OTCs linked to Huione
• Investigation points to user failure, not Ellipal wallet failure

A U.S. cryptocurrency user had approximately $3,05 million worth of XRP stolen after his Ellipal wallet was compromised, according to an investigation led by on-chain analyst ZachXBT. The investigation revealed that the funds were transferred via inter-chain bridges and subsequently laundered through over-the-counter exchanges associated with Huione, a network under investigation by authorities for facilitating illicit activities in Southeast Asia.

According to ZachXBT, the attack occurred on October 12th and involved over 120 XRP-to-Tron exchanges before the funds were consolidated and redistributed to Huione-linked OTC addresses on October 15th. The expert published the addresses involved and described the detailed movements in a thread on X.

1/ A video went viral on YT this week after a US based victim lost $3.05M (1.2M XRP) from their Ellipal wallet.

Here's the tracing of where the stolen funds ended up and the biggest takeaways for similar thefts. pic.twitter.com/Gyw0OWjts4

— ZachXBT (@zachxbt) October 19, 2025

In recent months, the U.S. Treasury Department and FinCEN have been increasing their monitoring of entities associated with Huione, including proposed sanctions and new rules that classify the Cambodian organization as a significant money laundering concern. Recent reports cite billions of dollars in suspicious transactions connected to this ecosystem.

ZachXBT emphasized that in this case, there's no evidence of a technical failure in the Ellipal wallet, but rather a user configuration error. "The victim believed they were using a cold storage device, when in fact they were operating a hot wallet," the investigator explained. He also noted that the lack of clarity between custodial and non-custodial products still exposes many users to unnecessary risks.

The incident reinforces a recurring pattern of attacks on wallets and private keys in 2025. A recent report from TRM Labs found that over $2 billion was lost in the first half of the year alone in thefts linked to front-end vulnerabilities and access fraud. Much of these funds end up being converted into other assets and diverted through OTC channels similar to those identified in this case.

ZachXBT stated that recovery of the funds is unlikely due to jurisdictional limitations and the speed with which the funds were moved. He also urged centralized exchanges and stablecoin issuers to adopt stricter controls to track suspicious flows and curb money laundering in parallel markets.

XRP, the native token of the XRP Ledger designed for rapid value transfers, was trading around $2,46 on Monday, up 6% in the last 24 hours, following the general recovery of cryptocurrencies after recent market sell-offs.