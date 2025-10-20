Search
News
4 min read

ZachXBT Traces $3M XRP Theft to Southeast Asian Laundering Ring

Investigator ZachXBT traced a trader's $3.05M in stolen XRP from a fake Ellipal wallet to Huione, a Southeast Asian laundering network.

ZachXBT says the likelihood of this victim recovering any funds is “rather low” | Image Credit: Pexels

Key Takeaways
  • A U.S.-based victim who lost $3.05 million XRP from their Ellipal wallet has been traced to Cambodia-based Huione, a conglomerate linked to large-scale illicit finance across Southeast Asia.
  • The victim mistakenly believed they were using a cold Ellipal wallet, when it was actually a custodial hot wallet.
  • ZachXBT warned that “over 95% of recovery companies are predatory.”

A viral YouTube video showing a U.S.-based victim losing $3.05 million (1.2 million XRP) from their Ellipal wallet has drawn the attention of blockchain investigator ZachXBT, who traced the stolen funds across chains to a Southeast Asian laundering network.

Traced to Huione

In a detailed thread posted on X, ZachXBT said the attacker created over 120 Ripple-to-Tron bridge transactions on Oct. 12 using the Bridgers platform, which relies on Binance for liquidity.

The stolen funds were later consolidated on a Tron address before being laundered through Cambodia-based financial services conglomerate Huione.

By Oct. 15, the funds had completely vanished into the network, according to ZachXBT’s tracing.

Huione has faced increasing international scrutiny for facilitating billions of dollars in illicit transactions connected to pig-butchering scams, investment fraud, and human trafficking across Southeast Asia.

ZachXBT noted that the U.S. government recently expanded sanctions on entities tied to Huione in response to its involvement in global financial crimes.

Wallet Confusion

According to the investigator, the XRP victim believed they were using a cold Ellipal wallet, but in reality, the product was custodial and connected to the internet, making it vulnerable to exploitation.

“One lesson our industry needs to do better with is not causing confusion with products when you offer both custodial and non-custodial options,” ZachXBT wrote.

He argued that these misunderstandings highlight broader issues in crypto product design and user education, particularly when marketing to less-experienced users.

“Frequently I see large Coinbase support impersonation thefts where victims transfer funds from their CB exchange account to a compromised CB wallet after being social engineered,” he added.

Law Enforcement Issues

According to ZachXBT, the victim later mentioned being unable to quickly contact U.S. law enforcement after losing $3 million.

The investigator said that few law enforcement agencies are qualified to handle such thefts and that, with “endless victim reports,” many cases go overlooked.

He also warned that “over 95% of recovery companies are predatory,” charging large sums for minimal or misleading work.

Law enforcement is lacking in qualified staff to handle crypto theft cases | Source: X

According to ZachXBT, many of these firms would have stopped tracing the stolen XRP at Binance or issued generic advice like “contact Binance,” missing that the funds had actually moved through Bridgers and into Huione-linked wallets.

“You cannot press a magic button for the funds to be returned,” he wrote.

“There’s many external variables out of anyone’s control so you need to understand that retaining a firm is just about improving your odds for the potential of any recovery.”

Recovery Unlikely

In a follow-up post, ZachXBT said the likelihood of this victim recovering any funds is “rather low” due to a delay in reporting the theft to competent people in the private sector.

“Unfortunately the likelihood of this victim seeing any funds recovered is rather low due to a delay in reporting the theft to competent people within the private sector,” he wrote.

He advised victims to report theft addresses as quickly as possible, saying that otherwise “it can be difficult to detect that a theft even took place.”

ZachXBT also said that “Ripple does not have as good of a support system for victims within their community as there is in Bitcoin, Ethereum, Solana, and major EVM chains.”

Table of Contents
    Kurt Robson
    About the Author

    Kurt Robson

    Kurt Robson is a London-based reporter at CCN, specialising in the fast-moving worlds of crypto and emerging technology. He began his career covering local news in Cornwall after graduating from Falmouth University with First Class Honours in Journalism. There, he cut his teeth on everything from council meetings to missing swans. He quickly rose through the ranks to become a frontline journalist at several of the UK’s leading national newspapers. Over the years, he has interviewed musicians and celebrities, reported from courtrooms and crime scenes, and secured multiple front-page exclusives. Following the upheaval of the COVID-19 pandemic, Kurt shifted his focus to technology journalism—just ahead of the AI boom. With a natural curiosity and a trained eye for emerging trends, he has found a new rhythm in reporting on innovation. At CCN, Kurt's work focuses on the cutting edge of crypto, blockchain, AI, and the evolving digital world. Drawing on his background in people-first reporting and his deep interest in disruptive tech, Kurt delivers stories that are insightful, entertaining, and human-centric.
    See more
    [email protected] LinkedIn Twitter
