{"id":90065,"date":"2025-10-20T16:39:22","date_gmt":"2025-10-20T13:39:22","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=90065"},"modified":"2025-10-20T16:40:55","modified_gmt":"2025-10-20T13:40:55","slug":"zachxbt-uncovers-3-million-xrp-theft-from-american-wallet","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/zachxbt-uncovers-3-million-xrp-theft-from-american-wallet\/","title":{"rendered":"ZachXBT Uncovers $3 Million XRP Theft from American Wallet"},"content":{"rendered":"<p>Cybercriminals have stolen 1.2 million <a href=\"https:\/\/forklog.com\/en\/news\/what-are-ripple-and-the-cryptocurrency-xrp\">XRP<\/a>, valued at $3 million, from a user&#8217;s wallet in the United States. The incident was reported by on-chain investigator ZachXBT.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">1\/ A video went viral on YT this week after a US based victim lost $3.05M (1.2M XRP) from their Ellipal wallet. <\/p>\n<p>Here\u2019s the tracing of where the stolen funds ended up and the biggest takeaways for similar thefts. <a href=\"https:\/\/t.co\/Gyw0OWjts4\">pic.twitter.com\/Gyw0OWjts4<\/a><\/p>\n<p>\u2014 ZachXBT (@zachxbt) <a href=\"https:\/\/twitter.com\/zachxbt\/status\/1979899767212699910?ref_src=twsrc%5Etfw\">October 19, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to him, on October 12, hackers created over 120 orders to convert XRP into <a href=\"https:\/\/forklog.com\/en\/news\/what-is-tron-trx\">TRX<\/a> via the Bridgers aggregator. By the 15th, the fraudsters had consolidated all the funds on the Tron network and then laundered them through over-the-counter exchanges linked to the world&#8217;s largest illegal <a href=\"https:\/\/forklog.com\/en\/news\/telegrams-attempt-to-block-huione-proves-ineffective-says-trm-labs\">marketplace Huione<\/a>.<\/p>\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"624\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/img-6b153d17dd167c46-7360114137690715-1024x624.png\" alt=\"image\" class=\"wp-image-267855\" srcset=\"https:\/\/forklog.com\/wp-content\/uploads\/img-6b153d17dd167c46-7360114137690715-1024x624.png 1024w, https:\/\/forklog.com\/wp-content\/uploads\/img-6b153d17dd167c46-7360114137690715-300x183.png 300w, https:\/\/forklog.com\/wp-content\/uploads\/img-6b153d17dd167c46-7360114137690715-768x468.png 768w, https:\/\/forklog.com\/wp-content\/uploads\/img-6b153d17dd167c46-7360114137690715-1536x936.png 1536w, https:\/\/forklog.com\/wp-content\/uploads\/img-6b153d17dd167c46-7360114137690715-2048x1249.png 2048w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Source: X\/ZachXBT. <\/figcaption><\/figure>\n<p>ZachXBT noted that the victim was an inexperienced user, and the incident occurred due to his mistake. The victim believed he was using Ellipal cold storage, but was actually dealing with a hot wallet.<\/p>\n<p>The expert believes the chances of recovering the assets are slim. The user was unable to quickly contact American law enforcement agencies. The Ripple community also lacks a &#8220;good&#8221; system for victims, the on-chain investigator emphasized.<\/p>\n<h2 class=\"wp-block-heading\">Lessons<\/h2>\n<p>ZachXBT stated that systemic issues contribute to widespread cryptocurrency thefts. Wallet manufacturers often complicate users&#8217; understanding of the difference between custodial and <a href=\"https:\/\/forklog.com\/en\/news\/what-are-custodial-and-non-custodial-crypto-wallets\">non-custodial<\/a> products.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>&#8220;I often encounter large-scale thefts through phishing disguised as Coinbase support, where socially engineered victims transfer funds from their exchange account to a compromised Coinbase Wallet. Afterwards, some victims claim they were unaware of the difference between these products,&#8221; he wrote.<\/em><\/p>\n<\/blockquote>\n<p>The problem is exacerbated by deficiencies in law enforcement operations. According to the expert, there is a shortage of qualified investigators who can address such issues. Meanwhile, the volume of reports exceeds the authorities&#8217; capabilities.<\/p>\n<p>In the on-chain investigator&#8217;s view, the most effective jurisdictions are the United States, the Netherlands, Singapore, and France. However, the final outcome depends on the specific executor, he clarified. In other countries, the process is even less productive and too costly.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>&#8220;Another lesson is that over 95% of companies offering fund recovery services are predatory, charging large sums for basic reports with little useful information,&#8221; the expert added.<\/em><\/p>\n<\/blockquote>\n<p>Firms that use <span data-descr=\"Search Engine Optimization \u2014 works on optimizing a site for search engine requirements\" class=\"old_tooltip\">SEO<\/span> promotion act particularly aggressively. According to ZachXBT, they take on hopeless cases to profit from desperate victims.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>&#8220;Bad companies would have stopped tracing this XRP theft at Binance and issued a report recommending &#8216;contact the exchange,&#8217; whereas in reality, the Bridgers service was used, or they would have failed to identify addresses linked to Huione,&#8221; he noted.<\/em><\/p>\n<\/blockquote>\n<p>Overall losses in the digital asset industry due to hacking attacks in the third quarter <a href=\"https:\/\/forklog.com\/en\/news\/crypto-industry-losses-from-hacks-drop-by-37-in-q3\">fell<\/a> by 37% to $509 million, according to CertiK analysts.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybercriminals have stolen 1.2 million XRP, valued at $3 million, from a user&#8217;s wallet in the United States. The incident was reported by on-chain investigator ZachXBT.<\/p>\n","protected":false},"author":1,"featured_media":90066,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"The victim was an inexperienced user.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1323,112,1246,26],"class_list":["post-90065","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-investigations","tag-ripple","tag-scammers","tag-usa"],"aioseo_notices":[],"amp_enabled":true,"views":"282","promo_type":"1","layout_type":"1","short_excerpt":"The victim was an inexperienced user.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/90065","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=90065"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/90065\/revisions"}],"predecessor-version":[{"id":90067,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/90065\/revisions\/90067"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/90066"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=90065"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=90065"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=90065"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}