Date: 2025-10-20
A viral YouTube video showing a U.S.-based victim losing $3.05 million (1.2 million XRP) from their Ellipal wallet has drawn the attention of blockchain investigator ZachXBT, who traced the stolen funds across chains to a Southeast Asian laundering network.
In a detailed thread posted on X, ZachXBT said the attacker created over 120 Ripple-to-Tron bridge transactions on Oct. 12 using the Bridgers platform, which relies on Binance for liquidity.
The stolen funds were later consolidated on a Tron address before being laundered through Cambodia-based financial services conglomerate Huione.
By Oct. 15, the funds had completely vanished into the network, according to ZachXBT’s tracing.
Huione has faced increasing international scrutiny for facilitating billions of dollars in illicit transactions connected to pig-butchering scams, investment fraud, and human trafficking across Southeast Asia.
ZachXBT noted that the U.S. government recently expanded sanctions on entities tied to Huione in response to its involvement in global financial crimes.
According to the investigator, the XRP victim believed they were using a cold Ellipal wallet, but in reality, the product was custodial and connected to the internet, making it vulnerable to exploitation.
“One lesson our industry needs to do better with is not causing confusion with products when you offer both custodial and non-custodial options,” ZachXBT wrote.
He argued that these misunderstandings highlight broader issues in crypto product design and user education, particularly when marketing to less-experienced users.
“Frequently I see large Coinbase support impersonation thefts where victims transfer funds from their CB exchange account to a compromised CB wallet after being social engineered,” he added.
According to ZachXBT, the victim later mentioned being unable to quickly contact U.S. law enforcement after losing $3 million.
The investigator said that few law enforcement agencies are qualified to handle such thefts and that, with “endless victim reports,” many cases go overlooked.
He also warned that “over 95% of recovery companies are predatory,” charging large sums for minimal or misleading work.
According to ZachXBT, many of these firms would have stopped tracing the stolen XRP at Binance or issued generic advice like “contact Binance,” missing that the funds had actually moved through Bridgers and into Huione-linked wallets.
“You cannot press a magic button for the funds to be returned,” he wrote.
“There’s many external variables out of anyone’s control so you need to understand that retaining a firm is just about improving your odds for the potential of any recovery.”
“Unfortunately the likelihood of this victim seeing any funds recovered is rather low due to a delay in reporting the theft to competent people within the private sector,” he wrote.
He advised victims to report theft addresses as quickly as possible, saying that otherwise “it can be difficult to detect that a theft even took place.”
ZachXBT also said that “Ripple does not have as good of a support system for victims within their community as there is in Bitcoin, Ethereum, Solana, and major EVM chains.”