Crypto investigator ZachXBT uncovers laundering ring behind $3.05 million XRP theft

NEWS IN BRIEF
  • Victim loses $3.05 million in XRP after mistakenly importing seed phrase into a mobile app.
  • ZachXBT traces the stolen funds to a Southeast Asian crypto laundering network.
  • Attackers used cross-chain tools and OTC desks linked to the sanctioned Huione marketplace.

Self-custody remains one of the safest ways to secure digital assets, but only when executed correctly. On October 19, blockchain investigator ZachXBT revealed the case of a crypto user who lost $3.05 million worth of XRP from a cold wallet after making a critical operational mistake.

The theft occurred on October 12, when hackers drained the victim’s XRP wallet. The user had stored their funds using an Ellipal hardware wallet, a device marketed as an offline storage solution. However, the victim later imported their seed phrase into the Ellipal mobile app, a move that effectively transformed the wallet into a hot wallet connected to the internet.

ZachXBT emphasized that importing a seed phrase into a mobile app “completely defeats the purpose of cold storage” and exposes funds to online attacks.

How hackers laundered $3.05 million in XRP

After breaching the wallet, the attackers swiftly moved the stolen funds through a complex laundering process. Using the Bridgers cross-chain bridge, they converted the stolen XRP into Tron (TRX) via more than 120 separate transactions. Although some transactions appeared to be directed toward Binance, they were actually part of Bridgers’ liquidity routing.

Once converted, the hackers consolidated the assets into a single Tron wallet, simplifying further transfers. The funds were then funneled through over-the-counter (OTC) desks connected to Huione, a Southeast Asia–based online marketplace known for illicit activities.

Links to sanctioned crypto laundering networks

Huione has longstanding ties to crypto-related criminal operations, including pig-butchering scams, hacks, and money laundering schemes. The platform has previously been sanctioned by the U.S. government for facilitating the movement of large volumes of illicit digital assets.

This case underscores the ongoing risks faced by individual investors in the crypto space, not only from sophisticated hackers but also from simple user errors that can compromise even the most secure forms of storage.
