Главное:

• A 54-year-old retiree from North Carolina reported the theft of more than $3 million in XRP from his Ellipal wallet
• The company claims that the user entered a seed phrase into the mobile app, turning the cold wallet into a hot wallet and thereby exposing it to attackers
• On-chain analyst ZachXBT traced the path of the stolen funds, which were transferred via Bridgers to the Tron network and distributed among brokers associated with Huione

Brandon Laroque, a retiree from North Carolina, reported that more than $3 million in XRP had disappeared from his Ellipal mobile app. Brandon, 54, said that this was all the savings he and his wife had, and they were planning to buy a house in Las Vegas. Brandon had been accumulating XRP since 2017, gradually selling and buying the asset.

In a video posted on YouTube, Brandon explained that the theft occurred on Sunday, October 12. Two small test transactions of 10 XRP were recorded at around 11:15 a.m. Eastern Time, after which approximately 1 209 990 XRP were transferred to an unknown address.

From there, the funds were split and moved across dozens of wallets in a matter of minutes, and then across hundreds more over the course of several hours. His assets of $1000 in XLM and $900 in FLR remained untouched.

Comments from the Ellipal team

On October 18, Ellipal released a statement on the results of an internal investigation, claiming that Brandon entered the seed phrase of his hardware wallet into the Ellipal mobile app, turning the cold wallet into a hot wallet.

In an email, the company explained that when a seed phrase is imported into a phone or tablet, the device stores the private keys by connecting to the internet and removes the protection that keeps the cold wallet secure.

The company stated that thefts from its physical wallets had never occurred and insisted that the incident was similar to a user error. However, the company acknowledged that it was unable to prove how the theft technically occurred.

ZachXBT tracks stolen XRP

On-chain sleuth ZachXBT published a detailed thread on X, explaining how he identified the address of the theft by comparing the transaction times and amounts shown in Brandon’s video. The expert reported that the attacker used Bridgers, an exchange service formerly known as SWFT, to conduct more than 120 Ripple-to-Tron conversions on October 12.

Source: X.com

According to ZachXBT, the stolen XRP was eventually consolidated on the Tron network in a wallet labeled TGF3hP5GeUPKaRJeWKpvF2PVVCMrfe2bYw. They were then sent to several over-the-counter brokers associated with Huione, a Southeast Asian trading platform flagged by US law enforcement for illegal transfers.

Three days later, the funds were transferred to numerous addresses, making their recovery virtually impossible.