$3M XRP Hack Exposes 95% of Recovery Firms as Predators

Key Points

  • A retiree lost $3M in XRP after importing keys into a mobile app
  • Funds were laundered via 120 swaps and sent to sanctioned OTC desks
  • ZachXBT warns 95% of recovery firms are scams in disguise
  • The XRP hack triggers fresh concerns around self-custody risks

The recent XRP hack that drained $3 million worth of tokens from a U.S. retiree has sent shockwaves through the crypto world, not just for the theft itself, but for what it uncovered next.

Brandon LaRoque, a 54-year-old retiree, lost 1.2 million XRP, his life savings, after unknowingly turning his secure cold wallet into a hot wallet by importing his seed phrase into the Ellipal mobile app. This simple mistake made his funds accessible to hackers.

“I’ve been accumulating XRP for the past eight years,” LaRoque shared in a YouTube video. “It was our whole retirement, and I don’t know what we’re going to do.”

This XRP hack was thoroughly investigated by blockchain sleuth ZachXBT. He traced the stolen assets through 120 complex cross-chain swaps, where the attacker used bridging tools like Bridgers (formerly SWFT) to move the funds from Ripple to Tron.

Eventually, the funds were consolidated and routed through OTC desks linked to Huione, a network recently sanctioned by the U.S. Treasury for money laundering and other criminal activity.

In just 72 hours, millions were gone, laundered through layers of blockchain transactions into regions beyond U.S. jurisdiction. The XRP hack quickly escalated from a personal tragedy to a case study in global crypto vulnerabilities.

The event echoes recent crypto whale movements, where large players made billion-dollar shifts, raising concerns over security, timing, and market manipulation.

Recovery Firms Exploit Victims After XRP Hack

What made the situation worse was what came after the XRP hack. LaRoque, like many victims, began searching for help to recover the stolen funds. That’s when the second layer of exploitation began—this time from fake crypto recovery firms.

According to ZachXBT, more than 95% of crypto recovery services are predators. These firms offer false hope, charging thousands of dollars for vague blockchain reports or generic advice. In most cases, the money is already irretrievable, but the victims don’t know that.

“Another lesson is >95% of recovery companies are predatory and charge large amounts for basic reports with few actionable insights,” ZachXBT posted on social media.

These fraudulent companies aggressively target victims of incidents like the XRP hack, using social media, SEO tactics, Telegram groups, and even paid YouTube placements.

Their strategies are sophisticated, but their services are hollow. Many just repackage publicly available blockchain data, or tell users to “contact the exchange”, a dead end in most cases.

This secondary victimization is becoming an unfortunate norm. Every major crypto exploit, including this XRP hack, leads to not one, but two waves of crime:

  1. The hacker stealing the funds

  2. Fake recovery firms scamming the victims again

In the broader context, this mirrors other incidents like the Paxos minting error, where institutional missteps and regulatory confusion sparked further chaos.

The XRP Hack Reveals Flaws in Self-Custody Understanding

The XRP hack also reignited debate around the complexities of crypto self-custody. LaRoque believed he had followed best practices by using a cold wallet.

However, the moment he imported his private keys into the Ellipal app, those keys existed on an internet-connected phone, so the wallet was effectively a hot wallet and his assets were exposed to online threats.

This highlights a major gap in user education. Wallet manufacturers and crypto platforms often fail to explain the risks clearly. Users like LaRoque, especially older or less technical ones, are left vulnerable.

The truth is, self-custody is only secure if users fully understand how their wallets work. In this case, the XRP hack happened not because of a flaw in Ellipal’s hardware, but because of a misstep in usage—a detail that many wouldn’t catch without deep technical knowledge.

The laundering path also reveals how complex and globalized crypto crime has become. Even though every transaction in the XRP hack was recorded on-chain, it was virtually impossible to stop or reverse the theft in real time.

Worse, the attacker routed funds through Huione, a Southeast Asian OTC network recently sanctioned for laundering over $15 billion in illegal transactions tied to scams, cybercrime, and human trafficking.

This shows that even the most transparent financial system, the blockchain, is powerless against jurisdictional loopholes.

Similar jurisdictional vulnerabilities have impacted massive movements in Bitcoin too. For example, the Mt. Gox Bitcoin deadline is raising concerns about how billions in BTC will be handled across different regulatory frameworks.

Even BNB projects have seen increasing risk levels. Projects under BNB Chain are now reevaluating wallet safety practices and user education strategies.

And while Bitcoin remains the king of crypto, recent market dips have added to the uncertainty. Despite being down 17%, some analysts like Arthur Hayes still urge investors to “buy the dip”, but only if they understand the risks.

The XRP hack is more than a story of lost funds. It’s a mirror reflecting the darker corners of crypto, the gaps in user education, the rise of predatory recovery services, and the difficulty of stopping international laundering even when every move is recorded on-chain.

As ZachXBT warns, the next wave of losses may not come from hackers. It could come from the very people promising to help you recover what’s already gone.

Abhijeet Sabhadinde
Abhijeet is a crypto and Web3 writer focused on clarity and results. He covers DeFi, NFTs, and market shifts with content that grows search and authority.
