A crypto investor in the U.S. has lost more than $3 million worth of XRP after their Ellipal wallet was compromised. The funds were traced moving across blockchains, swapped through bridges, and eventually laundered to Huione-linked OTC networks known for handling illicit funds. This case, uncovered by on-chain investigator ZachXBT, highlights ongoing issues with wallet misconfigurations and cross-chain laundering in the cryptocurrency space.
A Costly XRP Hack: $3.05 Million in XRP Stolen
A U.S. crypto investor has lost approximately $3.05 million worth of XRP following a compromise of their Ellipal wallet. Blockchain investigator ZachXBT traced the stolen assets as they moved through multiple bridges before ultimately reaching over-the-counter (OTC) venues allegedly connected to Huione. This network has been repeatedly flagged by authorities for laundering operations associated with Southeast Asian cybercrime.
How the XRP Hack Unfolded
According to ZachXBT's on-chain analysis, the stolen XRP was swapped over 120 times from Ripple to Tron through bridge protocols on October 12. The funds were then consolidated on the Tron network and funneled to Huione-connected OTC accounts by October 15. This modus operandi, characterized by rapid cross-chain swaps followed by OTC off-ramps, has become a common feature of large-scale crypto laundering schemes.
The Huione Connection and Ongoing U.S. Crackdown
Huione and its associated marketplaces have been under intense scrutiny from the U.S. Treasury and FinCEN. Earlier in 2025, regulators proposed designating Cambodia’s Huione Group as a primary money-laundering concern, citing billions in suspicious crypto flows. This latest incident reinforces those findings, demonstrating how OTC venues tied to the group continue to absorb stolen digital assets despite ongoing enforcement efforts.
A Mistaken Sense of Security
ZachXBT suggested that the victim may have misunderstood the functionality of their wallet. The user apparently believed they were using a cold storage (offline) device, but in practice, it operated as a hot wallet connected to the internet. This confusion underscores a growing problem: hybrid products that obscure the distinction between custodial and non-custodial solutions can create a false sense of security, potentially leading to significant losses for less experienced users.
Broader Context: Wallet Exploits on the Rise
This hack reflects a wider trend in the crypto security landscape of 2025. A TRM Labs report earlier this year indicated that over $2 billion had been stolen in just the first six months through front-end compromises, private-key thefts, and wallet breaches. Many of these incidents exhibited similar laundering patterns, including cross-chain swaps and OTC cashouts, as observed in this case.
Grim Outlook for Recovery
ZachXBT noted that the prospects for recovering the stolen XRP are slim. Once assets are bridged across multiple networks and off-ramped through OTC desks in loosely regulated jurisdictions, tracing and freezing them becomes exceedingly difficult. Jurisdictional barriers and delays in reporting further complicate recovery efforts, leaving victims with limited recourse beyond publicizing the laundering trail.
Calls for Tighter Exchange Oversight
To combat these laundering pipelines, ZachXBT has called for centralized exchanges and stablecoin issuers to enhance transaction monitoring and implement stricter Know Your Customer (KYC) procedures for OTC intermediaries. Without improved coordination among regulators, exchanges, and blockchain analytics firms, these cross-chain laundering schemes will continue to erode confidence in the cryptocurrency ecosystem.

