A $3 million XRP theft exposes a US retiree’s Elipal wallet and exposes a predatory industry that preys on post-hack victims.
Blockchain researcher ZachXBT, who tracked $3.05 million in losses across more than 120 cross-chain swaps, warned that most companies are charging desperate users exorbitant fees with empty promises of compensation.
Sponsored Sponsored
$3M XRP hack exposes predatory cryptocurrency recovery company
The incident began earlier this month when Brandon Larocque discovered that 1.2 million XRP had been leaked from his Elipal wallet. Remarkably, the loot, worth $2.88 million at current rates, comprised the 54-year-old retiree’s lifetime savings accumulated since 2017.
He believed his funds were kept in cold storage. But then LaRoque learned that when he imported his seed phrase into the Ellipal mobile app, his setup was effectively converted into a hot wallet.
“I have been accumulating XRP for the past eight years,” Larocque said in a YouTube video detailing the theft. “Now we’re fully retired, and we don’t know what’s going to happen.”
ZachXBT’s on-chain investigation revealed that the attacker converted the stolen XRP through 120 Ripple-to-Tron bridge transactions. They leveraged Bridgers (formerly SWFT) before consolidating their funds into Tron.
Within three days, the assets disappeared into an OTC desk associated with Fuione. The US Treasury recently sanctioned a Southeast Asian payment network for laundering billions of dollars in fraud, human trafficking and cybercrime.
This incident exposed a significant weakness in global law enforcement by tying XRP theft to Huione’s network. U.S. authorities say Fuione facilitated the fraudulent transfer of more than $15 billion.
The downside is that it is difficult to disrupt laundering pipelines across jurisdictions, even if the blockchain trail is publicly available.
Sponsored Sponsored
predatory recovery industry
While law enforcement often struggles to respond quickly, ZachXBT says a recovery economy is emerging that capitalizes on victims’ desperation.
“Another lesson is that over 95% of collection agencies are predatory, charging large sums of money for basic reports with little actionable insight,” he wrote.
He added that many such companies rely on SEO and social media targeting to lure victims. They often only provide superficial blockchain reports or tell clients to “contact your exchange.”
This second layer of exploitation turns many high-value hacks into multi-stage crimes. First by hackers and then by fake recovery operators who promise to recover funds that are actually long gone.
Self-custody disruption and widespread risks
Beyond the evidence of money laundering, the Elipal case has reignited the debate over the safety of self-custody. Victims confusing Elipal’s cold wallet with its app-based hot wallet reflects issues of opaque wallet design and gaps in user education.
With few law enforcement agencies equipped to deal with crypto-related crimes, it is unlikely that Larocque’s $3 million will be recovered. As transnational laundering networks like Fuione flourish, the challenges further increase.
But the real tragedy is that the next wave of losses may not come from hackers, but from people claiming to help you get your money back, suggests ZachXBT.
