Hackers Steal $3.05 Million in XRP from Cold Wallet as Investigator Tracks Laundered Funds

A major security breach has rattled the crypto community after hackers stole $3.05 million in XRP from a cold wallet. Blockchain investigator ZachXBT later traced the stolen assets to a money-laundering network operating in Southeast Asia.

Summary

  • A crypto investor lost $3.05 million in XRP from an Ellipal cold wallet.
  • The hack occurred after the victim entered their seed phrase into the Ellipal mobile application.
  • The stolen funds were eventually traced to a Southeast Asian laundering group.

How the Hack Unfolded

The attack happened on October 12, when hackers successfully emptied the victim’s XRP wallet. Although the wallet was originally a secure cold storage device, the user made a critical error by importing their seed phrase into the accompanying mobile app.

This single action turned what was supposed to be a cold wallet into a hot wallet, exposing it to the internet and potential cyber threats. Security experts frequently warn that importing recovery phrases or private keys into connected devices eliminates the protection cold storage provides, leaving funds open to exploitation.

Tracing the Stolen XRP

Following the breach, the attackers used the Bridgers cross-chain bridge to convert the stolen XRP into Tron (TRX) through more than 120 separate transfers. These transactions appeared to move through well-known exchanges but were actually routed internally as part of the bridge’s liquidity mechanism.

Once the conversions were complete, the hackers consolidated all the assets into one Tron wallet, streamlining the laundering process. They then sent the funds through over-the-counter (OTC) channels associated with Huione, a marketplace in Southeast Asia that has been linked to illicit crypto activity and laundering schemes.

The Laundering Network

Investigations revealed that the network behind the stolen funds is connected to online scams, financial fraud, and cross-border laundering operations. It has also been implicated in activities such as pig-butchering scams and has previously drawn scrutiny for facilitating large-scale illicit transactions. The group has been the subject of international sanctions due to its role in moving illegal crypto funds.

Lessons from the Breach

This incident is a serious reminder that cold wallet security relies on responsible use. While self-custody remains one of the safest ways to protect crypto assets, entering a seed phrase into any internet-connected app completely undermines that safety. Even a single mistake can expose entire holdings to hackers.

The case also demonstrates the power of blockchain transparency. Despite the complexity of the laundering process, on-chain investigators were still able to trace the stolen XRP across multiple blockchains, proving once again that crypto transactions, although often described as anonymous, remain traceable through diligent investigation.