US crypto investors suffered even more losses $3 million worth of XRP After my Ellipal wallet was compromised. The funds didn’t just disappear, they were tracked as they moved across the blockchain, exchanged through bridges, and were eventually laundered into an OTC network linked to Fuione, which is known for handling illicit funds. The incident, uncovered by on-chain investigator ZachXBT, reveals how wallet misconfigurations and cross-chain laundering will continue to plague the crypto space in 2025.
Expensive XRP hack: $3.05 million in XRP stolen
A US cryptocurrency investor lost approximately $3.05 million worth of XRP when his Ellipal wallet was compromised. Blockchain investigator ZachXBT tracked the stolen assets as they passed through multiple bridges, eventually ending up at an over-the-counter (OTC) venue believed to be associated with Huione, a network that has been repeatedly flagged by authorities for laundering operations related to cybercrime in Southeast Asia.
How did the XRP hack unfold?
According to ZachXBT’s on-chain analysis According to a post on October 19th, stolen XRP was swapped over 120 times from Ripple to Tron via the Bridge Protocol on October 12th. The funds were then consolidated into Tron and sent to an OTC account connected to Fuione by October 15th. This pattern (rapid cross-chain swaps followed by OTC off-ramps) has become a hallmark of large-scale cryptocurrency laundering schemes.
Connections with Fuione and ongoing US crackdown
Huione and its associated markets are under intense scrutiny by the U.S. Treasury Department and FinCEN. In early 2025, regulators proposed listing Cambodia’s Huione Group as a major money laundering concern due to billions of dollars in suspicious cryptocurrency flows. The latest incident confirms these findings and shows how over-the-counter exchanges associated with the group continue to absorb stolen digital assets despite enforcement efforts.
false sense of security
ZachXBT suggested that the victim may have misunderstood how the wallet worked. Users apparently believed they were using a cold storage (offline) device, but it was actually functioning as a hot wallet connected to the internet.
This confusion highlights a growing problem. Hybrid products that blur the lines between custodial and non-custodial solutions often create a false sense of security. For an inexperienced user, that difference could mean a loss for the entire portfolio.
Wider context: Wallet exploits are on the rise
This hack reflects broader trends in the 2025 cryptocurrency security landscape. TRM Labs report earlier this year Over $2 billion was discovered stolen in just six months due to front-end compromises, private key theft, and wallet compromises. Many of these incidents shared the same cleaning patterns seen in this incident (cross-chain swaps and OTC cashouts).
Grim outlook for recovery
ZachXBT pointed out that it is unlikely that stolen XRP can be recovered. Once assets are spread across multiple networks and exit through OTC desks in less regulated jurisdictions, it becomes nearly impossible to track and freeze them.
Jurisdictional barriers and reporting delays further complicate the problem, leaving victims with little choice but to expose traces of laundering to the public.
Call for stronger exchange monitoring
To curb such laundering pipelines, ZachXBT called on centralized exchanges and stablecoin issuers to strengthen transaction monitoring and implement stricter KYC for OTC intermediaries. Without stronger collaboration between regulators, exchanges, and blockchain analysis firms, these cross-chain laundering loops will undermine the credibility of cryptocurrencies.
