TL;DR

A U.S. crypto user lost roughly $3.05 million in XRP after their Ellipal wallet was compromised.
Blockchain investigator ZachXBT traced the stolen funds through cross-chain bridges and into OTC venues linked to Huione.
The theft highlights ongoing risks in wallet security and the growing role of decentralized monitoring in tracking crypto crime, showing both the challenges and capabilities of on-chain analysis in real-time.

A U.S. individual recently suffered a major crypto loss when about $3.05 million worth of XRP was stolen from their Ellipal wallet. According to blockchain sleuth ZachXBT, the funds were rapidly moved through multiple bridges, eventually ending up in over-the-counter venues connected to Huione, a marketplace with prior allegations of laundering activity. This case also demonstrates how fast funds can move across networks before exchanges can intervene.

Detailed Tracking Shows Complex Movement

In a thread published on X on October 19, ZachXBT documented the full path of the theft. More than 120 Ripple-to-Tron swaps were identified on October 12, followed by consolidation on the Tron network. By October 15, the funds were dispersed to Huione-linked OTC channels, illustrating the speed and complexity of cross-chain laundering operations. The detailed timestamps and transaction links make it possible for analysts to reconstruct the full flow almost in real time.

Authorities have previously highlighted Huione’s involvement in large-scale laundering schemes, particularly linked to Southeast Asia. U.S. Treasury proposals earlier this year aimed at sanctioning entities associated with these flows, while FinCEN identified Huione as a significant money-laundering concern, citing billions in suspicious activity.

User Error Highlights Wallet Security Challenges

ZachXBT noted that the victim appeared inexperienced, suggesting the loss stemmed from user error rather than a technical exploit. Ellipal wallets that combine custodial and non-custodial features can confuse users, and in this case, the wallet functioned as a hot wallet despite the user assuming it was cold storage.  

This incident reflects persistent attack vectors in 2025, as highlighted in a TRM Labs report documenting over $2 billion stolen during the year’s first half through private-key thefts and wallet breaches. Many of these cases also involve cross-chain swaps and OTC cashouts, echoing the patterns traced by ZachXBT.

While recovery prospects remain low due to reporting delays and jurisdictional complications, the episode underscores the importance of vigilance in wallet usage and the emerging role of on-chain forensic analysis. XRP, the native token of the XRP Ledger, traded near $2.46 today, marking a 6% rise in the past 24 hours as the market stabilizes after recent liquidation events.

---

Filed under: News - @ October 20, 2025 12:25 pm