Hackers steal $3.05m XRP from cold wallet, ZachXBT traces funds

Crypto investigator ZachXBT traced the funds of a victim who lost their life savings of $3.05 million in XRP.

Self-custody is a powerful tool for security, but only if users know what they are doing. On Sunday, Oct. 19, crypto investigator ZachXBT revealed a case of a victim losing $3.05 million in XRP from a cold wallet. The investigator ultimately traced the funds to a Southeast Asian crypto laundering ring.

The initial theft happened on Oct. 12, when attackers drained the victim’s (XRP) wallet. The victim used an Ellipal hardware wallet, which markets itself as a cold wallet. However, the victim made the mistake of importing their seed phrase into the Ellipal mobile app.

This effectively made it into a hot wallet, meaning it became connected to the internet. ZachXBT explained that importing a seed phrase into a mobile app completely defeats the purpose of cold storage and exposes users to hacks.

How hackers laundered $3.05 in XRP

Following the breach, hackers used the cross-chain bridge Bridgers to swap the XRP into Tron (TRX) in over 120 transactions. The transactions appeared to go to Binance, but this was actually part of Bridgers’ liquidity path.

After the laundering steps, the attackers moved all tokens into a single Tron wallet, making it easier to move the funds off-chain. For that purpose, they used OTC desks adjacent to Huione, a Southeast Asia–based illicit online marketplace.

According to ZachXBT, Huione has connections to hacks, pig-butchering scams, money laundering, and more. The exchange has also been sanctioned by the U.S. government for facilitating massive illicit crypto flows.