
ZachXBT Uncovers $3 Million XRP Theft from American Wallet
The victim was an inexperienced user.
Cybercriminals have stolen 1.2 million XRP, valued at $3 million, from a user’s wallet in the United States. The incident was reported by on-chain investigator ZachXBT.
1/ A video went viral on YT this week after a US-based victim lost $3.05M (1.2M XRP) from their Ellipal wallet.
Here’s the tracing of where the stolen funds ended up and the biggest takeaways for similar thefts. pic.twitter.com/Gyw0OWjts4
— ZachXBT (@zachxbt) October 19, 2025
According to him, on October 12, hackers created over 120 orders to convert XRP into TRX via the Bridgers aggregator. By the 15th, the fraudsters had consolidated all the funds on the Tron network and then laundered them through over-the-counter exchanges linked to Huione, the world’s largest illegal marketplace.

ZachXBT noted that the victim was an inexperienced user, and the incident occurred due to his mistake. The victim believed he was using Ellipal cold storage, but was actually dealing with a hot wallet.
The expert believes the chances of recovering the assets are slim. The user was unable to quickly contact American law enforcement agencies. The Ripple community also lacks a “good” system for victims, the on-chain investigator emphasized.
Lessons
ZachXBT stated that systemic issues contribute to widespread cryptocurrency thefts. Wallet manufacturers often make it harder for users to understand the difference between custodial and non-custodial products.
“I often encounter large-scale thefts through phishing disguised as Coinbase support, where socially engineered victims transfer funds from their exchange account to a compromised Coinbase Wallet. Afterwards, some victims claim they were unaware of the difference between these products,” he wrote.
The problem is exacerbated by deficiencies in law enforcement operations. According to the expert, there is a shortage of qualified investigators who can address such issues. Meanwhile, the volume of reports exceeds the authorities’ capabilities.
In the on-chain investigator’s view, the most effective jurisdictions are the United States, the Netherlands, Singapore, and France. However, the final outcome depends on whoever handles the specific case, he clarified. In other countries, the process is even less productive and too costly.
“Another lesson is that over 95% of companies offering fund recovery services are predatory, charging large sums for basic reports with little useful information,” the expert added.
Firms that use SEO promotion act particularly aggressively. According to ZachXBT, they take on hopeless cases to profit from desperate victims.
“Bad companies would have stopped tracing this XRP theft at Binance and issued a report recommending ‘contact the exchange,’ whereas in reality, the Bridgers service was used, or they would have failed to identify addresses linked to Huione,” he noted.
Overall losses in the digital asset industry due to hacking attacks in the third quarter fell by 37% to $509 million, according to CertiK analysts.