A U.S. crypto holder has reportedly lost over $3 million in XRP after a sophisticated hack on his Ellipal hardware wallet, according to blockchain investigator ZachXBT. The stolen assets were quickly funneled through multiple blockchains and ended up in wallets tied to a sanctioned Southeast Asian laundering network.
Funds Moved Across Chains and Into Huione
ZachXBT’s on-chain analysis revealed that the attacker executed more than 120 transfers between Ripple and Tron on October 12, 2025, routing transactions via a cross-chain bridge called Bridgers. Within three days, the XRP had been converted and moved into wallets associated with Huione, a Cambodia-based OTC network recently sanctioned by the U.S. Treasury for facilitating billions in illicit transactions linked to fraud, cybercrime, and human trafficking.
1/ A video went viral on YT this week after a US based victim lost $3.05M (1.2M XRP) from their Ellipal wallet.
Here’s the tracing of where the stolen funds ended up and the biggest takeaways for similar thefts. pic.twitter.com/Gyw0OWjts4
— ZachXBT (@zachxbt) October 19, 2025
The laundering process involved Binance liquidity pools and cross-chain swaps, enabling the hacker to obscure the fund trail rapidly. By October 15, all of the stolen assets were under Huione-linked control.
Cold Wallet Confusion Proved Costly
In his report, ZachXBT noted that the victim believed his Ellipal wallet was a cold storage device, fully disconnected from the internet. In reality, it was a connected hot wallet, leaving it vulnerable to remote exploits. “Misunderstandings like this are alarmingly common,” ZachXBT wrote, adding that even users on centralized exchanges such as Coinbase often assume their funds are stored offline when they’re not.
Enforcement Challenges in Crypto Theft
ZachXBT also highlighted the lack of U.S. law enforcement infrastructure capable of handling cross-chain crypto crime, noting that the victim struggled to find authorities who could trace or recover the funds. The case underscores a growing mismatch between criminal sophistication and regulatory capacity, a gap bad actors are increasingly exploiting.
With Huione already under renewed sanctions tied to a $15 billion investigation into the Prince Group’s financial network, the breach adds to mounting evidence that crypto theft and Southeast Asian laundering networks are becoming deeply intertwined.
