Summary

A 54-year-old North Carolina retiree lost 1.2 million XRP (~$3.05M) from an Ellipal hardware wallet. The theft occurred on October 12, 2025 and was discovered three days later. Blockchain investigator ZachXBT traced the funds through Huione (a platform flagged for processing illicit funds) into 30+ wallets and eventually to Tron before OTC dispersion. Ellipal says the wallet was compromised when the private key was imported into a mobile app, converting the cold wallet to a hot wallet.

Key Points

  • Stolen: 1.2 million XRP (~$3.05M) from Ellipal hardware wallet.
  • October 12, 2025 theft; discovered October 15.
  • Transactions: 2 small transactions + 1 large; funds sent to a newly created wallet, then split to ~30 wallets.
  • ZachXBT traced funds through crypto mixers (Tornado Cash), cross-chain bridges, 500-900 wallets, then Huione OTC network.
  • Funds consolidated on Tron before OTC dispersion.
  • Ellipal: breach occurred because private key was imported into a mobile app (converting cold to hot wallet).
  • Victim accumulated XRP over 8 years; considered life savings.
  • ZachXBT: “unlikely to recover funds due to delay in reporting.”
  • Huione: flagged by U.S. authorities; linked to $15B Prince Group seizure and sanctions (week prior).
  • Law enforcement unresponsive.

Newsletter Angles

  • The cold-wallet-to-hot-wallet conversion as the attack vector: the security of a hardware wallet depends entirely on the user never importing the private key into software such as a mobile app. One mistake collapses the entire security model — this is the self-custody paradox.
  • Huione as infrastructure for laundering: a platform previously sanctioned in a $15B criminal seizure is the exit ramp for a $3M retail theft. This suggests a professionalized layer of illicit crypto services operating globally.
  • The law enforcement gap: the victim “has yet to receive any response” from law enforcement — illustrating the real consumer protection problem in crypto. No FDIC, no CFPB, no recovery mechanism.

Concepts Mentioned

  • Data Privacy Weaponization — private key security as the single point of failure in self-sovereign finance
  • CBDC — contrast: a CBDC would have institutional fraud recovery; self-custody has none

Quotes

“I’ve been accumulating XRP for the past eight years. I’ve accumulated over 1.2 million XRP, which is worth over three million dollars now.”

“Unfortunately, the likelihood of this victim seeing any funds recovered is rather low due to a delay in reporting the theft to competent people within the private sector.”

Notes

FinanceFeeds report. ZachXBT’s role as a private blockchain investigator providing the only forensic trail (in the absence of law enforcement engagement) is notable — private on-chain detective work filling a law enforcement gap.