
Cryptocurrency Heist: Understanding the $3 Million XRP Theft
The Complex Path of a $3 Million XRP Theft
Blockchain investigator ZachXBT has traced a $3.05 million theft of XRP from an American retail investor. The stolen cryptocurrency was funneled through Bridgers, a service previously linked to SWFT, and eventually landed in over-the-counter venues associated with Huione, a financial network in Cambodia that the US government recently cut off from the US financial system.
Details of the XRP Theft
On October 19, ZachXBT revealed a comprehensive analysis of how a US-based victim lost $3.05 million, equivalent to 1.2 million XRP, from their Ellipal wallet. He provided a thorough tracing of where the stolen funds ended up and highlighted significant takeaways for similar thefts in the future.
How the Theft Unfolded
ZachXBT identified the theft address, r3cf5mgj5qEcj9n4Th28Es7NVRnXGJjkzc, by correlating dates and transaction amounts from a widely viewed YouTube video. Although the victim did not share the address directly, ZachXBT was able to deduce it by reviewing transaction data. He noted that the victim seemed inexperienced and lacked the details needed to explain how their Ellipal wallet was compromised, suggesting user error as a probable cause.
The Laundering Process
Once the XRP was stolen, the attacker quickly converted the assets across different blockchains. On October 12, 2025, the perpetrator executed over 120 Ripple-to-Tron orders using Bridgers, a platform that utilizes Binance for liquidity. The stolen funds were consolidated on the Tron network by October 12 and were fully laundered through over-the-counter networks linked to Huione by October 15. Bridgers, a cross-chain swap platform operating across numerous networks, has been associated with SWFT’s AllChain Bridge stack, according to DappRadar documentation.
Implications and Warnings from US Authorities
The mention of Huione in this context is notable, especially amid an evolving sanctions landscape. On October 14, 2025, the US Treasury identified the Huione Group as a primary money laundering concern, effectively disconnecting it from the US financial system due to its involvement in Southeast Asian scam and trafficking operations. This action was part of a coordinated effort with the UK that also targeted other criminal organizations in Cambodia.
Lessons from the Incident
ZachXBT emphasized that the Ellipal wallet incident stemmed from user confusion rather than a hardware exploit. He highlighted the need for the industry to improve clarity between custodial and non-custodial products, explaining that the victim believed they were using a cold wallet, whereas it was actually a hot wallet. This situation is akin to previous incidents where victims were tricked into moving assets due to social engineering.
Ellipal confirmed the mix-up, stating that the victim erroneously imported their cold wallet’s seed phrase into a hot wallet, thus exposing their assets online. The company reaffirmed the security of their air-gapped cold wallets, which remain offline and uncompromised. They advised users never to import cold wallet seeds into app-based wallets and to keep recovery phrases secure and offline.
Broader Implications for the Cryptocurrency Ecosystem
ZachXBT’s findings highlight the growing professionalization of scam ecosystems, where stolen funds are swiftly moved across chains and laundered through platforms like Huione. He noted that Huione has facilitated the laundering of billions in illicit funds, urging centralized exchanges and stablecoin issuers to implement stricter controls to protect the cryptocurrency space’s longevity.
Challenges in Recovery Efforts
Recovery of stolen cryptocurrency remains a significant challenge, as demonstrated by the victim’s difficulty in contacting US law enforcement for the $3 million theft. ZachXBT pointed out the scarcity of law enforcement agencies equipped to handle such cases and the overwhelming number of victim reports, suggesting that incidents often go overlooked. He cited the US, Netherlands, Singapore, and France as comparatively better equipped to address such issues, depending on the investigator.
He also criticized the crypto recovery industry, noting that the majority of recovery firms are predatory, charging exorbitant fees for basic reports with limited actionable insights.
Outlook for Restitution
The chances of recovering the stolen funds are slim due to the delay in reporting the theft to competent authorities. ZachXBT emphasized the importance of quickly reporting theft addresses to increase the likelihood of freezing illicit flows. He also highlighted the need for better support systems within the Ripple community, comparing it unfavorably to those available for Bitcoin, Ethereum, Solana, and major EVM chains.
As of the latest data, XRP is trading at $2.44.
Editorial Integrity
Editorial Process: At bitcoinist, we prioritize delivering well-researched, unbiased, and accurate content. Our stringent sourcing standards are upheld by a team of top technology experts and seasoned editors, ensuring the integrity, relevance, and value of our content for our readers.





