A U.S. crypto investor has reportedly lost over $3 million in XRP after hackers compromised their Ellipal wallet, with the stolen assets funneled through cross-chain bridges and laundered via Huione-linked over-the-counter (OTC) networks, according to blockchain investigator ZachXBT.
In a detailed investigation posted on X (formerly Twitter) on October 19, ZachXBT traced the flow of the stolen funds from Ripple to Tron, identifying more than 120 bridge transactions carried out on October 12. His on-chain analysis revealed the assets were consolidated on the Tron blockchain before being dispersed to OTC brokers associated with Huione by October 15.
1/ A video went viral on YT this week after a US based victim lost $3.05M (1.2M XRP) from their Ellipal wallet.
— ZachXBT (@zachxbt) October 19, 2025
Here’s the tracing of where the stolen funds ended up and the biggest takeaways for similar thefts. pic.twitter.com/Gyw0OWjts4
Laundering Trail Leads to Huione Networks
The case adds to growing concerns about Huione, a Cambodia-based fintech group that U.S. authorities allege has been facilitating large-scale money laundering operations tied to online scams and cybercrime in Southeast Asia.
Earlier in 2025, the Financial Crimes Enforcement Network (FinCEN) labeled Huione as a “primary money-laundering concern”, citing billions of dollars in suspicious cross-border transactions. The U.S. Treasury has since proposed sanctions targeting entities and digital marketplaces affiliated with the network.
Likely User Error, Not a Hardware Exploit
Despite speculation of a sophisticated exploit, ZachXBT noted that the incident appeared to stem from user error rather than a hardware vulnerability. The victim, he said, likely misunderstood the custodial settings of the wallet.
Ellipal, like some other crypto wallets, offers both hot and cold storage options. According to the investigator, the user believed their XRP was in cold storage — a more secure offline environment — when it was actually stored in a hot wallet, connected to the internet and thus more exposed to attacks.
“This case shows how even cautious investors can fall victim to misleading product design or misconfiguration,” ZachXBT wrote, adding that clearer security guidance and wallet UX improvements are urgently needed.
A Wider Trend of 2025 Crypto Thefts
The breach comes amid a surge in crypto-related thefts this year. A recent TRM Labs report estimated that over $2 billion was stolen across various blockchain networks in the first half of 2025 alone. Many of these heists involved private key thefts, phishing attacks, and wallet compromises, with attackers often using cross-chain bridges and OTC off-ramps to obscure fund trails — the same laundering pattern seen in this XRP case.
ZachXBT warned that recovery prospects are low, citing delayed reporting and cross-jurisdictional barriers that make tracking and freezing funds difficult. He urged centralized exchanges and stablecoin issuers to adopt stronger controls against OTC-based laundering networks.
Market Impact
Despite the theft, XRP — the native token of the XRP Ledger, a payments-oriented blockchain — remained resilient. According to data, XRP traded around $2.46 at the time of writing, up 6% in the past 24 hours as broader crypto markets stabilized following recent volatility.
