$3 Million XRP Vanishes Overnight: Here’s How It Happened




A crypto investor in the U.S. just lost more than $3 million worth of XRP after their Ellipal wallet was compromised. The funds didn’t just vanish—they were traced moving across blockchains, swapped through bridges, and eventually laundered to Huione-linked OTC networks known for handling illicit funds. The case, uncovered by on-chain investigator ZachXBT, exposes how wallet misconfigurations and cross-chain laundering continue to plague the crypto space in 2025.

A Costly XRP Hack: $3.05 Million in XRP Stolen

A U.S. crypto investor has lost about $3.05 million worth of XRP after their Ellipal wallet was compromised. Blockchain investigator ZachXBT traced the stolen assets as they moved through multiple bridges before ending up at over-the-counter (OTC) venues allegedly linked to Huione, a network repeatedly flagged by authorities for laundering operations tied to Southeast Asian cybercrime.

How the XRP Hack Unfolded

According to ZachXBT’s on-chain analysis posted on October 19, the stolen XRP was swapped more than 120 times from Ripple to Tron through bridge protocols on October 12. The funds were then consolidated on Tron and funneled to Huione-connected OTC accounts by October 15. This pattern—rapid cross-chain swaps followed by OTC off-ramps—has become a hallmark of large-scale crypto laundering schemes.

The Huione Connection and Ongoing U.S. Crackdown

Huione and its associated marketplaces have been under heavy scrutiny by the U.S. Treasury and FinCEN. Earlier in 2025, regulators proposed designating Cambodia’s Huione Group as a primary money-laundering concern, citing billions in suspicious crypto flows. The latest case reinforces those findings, showing how OTC venues tied to the group continue to absorb stolen digital assets despite enforcement efforts.

A Mistaken Sense of Security

ZachXBT suggested the victim may have misunderstood how their wallet worked. The user apparently believed they were using a cold storage (offline) device, but in practice, it functioned as a hot wallet connected to the internet.
 

This confusion highlights a growing issue: hybrid products that blur the line between custodial and non-custodial solutions often create a false sense of safety. For less experienced users, the difference can mean the loss of an entire portfolio.

Broader Context: Wallet Exploits on the Rise

The hack reflects a broader trend in 2025’s crypto security landscape. A TRM Labs report earlier this year found that over $2 billion had been stolen in just six months through front-end compromises, private-key thefts, and wallet breaches. Many of those incidents shared the same laundering patterns—cross-chain swaps and OTC cashouts—seen in this case.

Grim Outlook for Recovery

ZachXBT noted that chances of recovering the stolen XRP are slim. Once assets are bridged across multiple networks and off-ramped through OTC desks in loosely regulated jurisdictions, tracing and freezing them becomes nearly impossible. Jurisdictional barriers and slow reporting compound the problem, leaving victims with little recourse beyond public exposure of the laundering trail.

Calls for Tighter Exchange Oversight

To curb such laundering pipelines, ZachXBT urged centralized exchanges and stablecoin issuers to tighten transaction monitoring and implement stricter KYC on OTC intermediaries. Without stronger coordination between regulators, exchanges, and blockchain analytics firms, these cross-chain laundering loops will continue to undermine crypto’s credibility.
