$3M XRP Heist Rips Through Multiple Chains After Cold Wallet Turns Out Hot

CN
11 hours ago

Crypto thefts targeting XRP holders are raising new alarms after blockchain investigator ZachXBT provided an analysis on social media platform X on Oct. 19 revealing how a U.S. investor lost $3.05 million (1.2 million XRP) from an Ellipal wallet. His findings detailed a coordinated laundering process that quickly moved the stolen funds across multiple blockchains.

The analyst traced the movements of the stolen XRP through various channels that ultimately led to over-the-counter (OTC) entities connected to the Southeast Asian marketplace Huione, which has been sanctioned by U.S. regulators for facilitating illicit transactions tied to scams and human trafficking.

“The victim seems inexperienced and does not provide enough details to determine how the Ellipal wallet became compromised besides it being user error,” ZachXBT stated. He explained:

The XRP victim thought they were using the Ellipal cold wallet product when it was a hot wallet.

Ellipal responded to concerns about the XRP theft on X: “We actually looked into this case in detail. It turns out the user accidentally imported their cold wallet seed phrase into the app, which made it a hot wallet. Our cold wallets are fully air-gapped and never connect to the internet, so no theft has ever come from them. Still, we take every report seriously and always investigate thoroughly.”

The investigator found that the attacker executed more than 120 Ripple-to-Tron swaps using Bridgers, a cross-chain liquidity platform that relies on Binance for settlements. “One lesson our industry needs to do better with is not causing confusion with products when you offer both custodial and non-custodial products,” he advised.

The analyst noted broader systemic failures in response to crypto crimes. “The XRP victim mentioned in a later video how they could not quickly get in touch with US law enforcement for a $3M theft,” he said, underscoring the lack of specialized law enforcement resources. He added that “>95% of recovery companies are predatory and charge large amounts for basic reports with few actionable insights.” Expanding on this, ZachXBT commented:

Bad firms would have stopped tracing this XRP theft at Binance and have created a report saying ‘contact Binance’ when in reality the service was Bridgers or would have failed to identify addresses linked to Huione.

He concluded: “Unfortunately the likelihood of this victim seeing any funds recovered is rather low due to a delay in reporting the theft to competent people within the private sector.” Calling for stronger industry standards, he urged: “I hope centralized exchanges and stablecoin issuers implement stricter controls as they are one of the bigger threats impacting the longevity of our space.”

  • What triggered renewed concerns among XRP investors?
    A $3.05 million XRP theft from an Ellipal wallet revealed major security flaws and laundering tactics that moved stolen assets across multiple blockchains rapidly.
  • How did the XRP theft occur?
    The victim was using a hot wallet while believing it was a cold wallet. After the theft, the attacker moved the funds through more than 120 cross-chain swaps via Bridgers.
  • Why are crypto crime investigations often ineffective?
    Limited law enforcement expertise and predatory recovery firms hinder timely responses and accurate tracing of stolen digital assets.
  • What steps are being urged to prevent similar crypto thefts?
    Investigators are calling for stronger exchange oversight, clearer wallet classifications, and stricter compliance by stablecoin issuers.
