Brandon LaRoque, a North Carolina crypto investor, emotionally recounts how he lost 1.2 million XRP, valued at more than $3 million, to hackers.
The victim, who has been investing in crypto since 2017, revealed that he had gradually accumulated 1.2 million XRP over the past eight years, which were stored in an Ellipal cold wallet.
According to him, he has followed standard security practices, including writing down and storing his seed phrase in a safe place, while also avoiding suspicious calls. Despite sticking to these safety measures, he woke up on October 15 to find all 1.2 million XRP stolen.
Victim’s Discovery
Upon reviewing the wallet activity, Brandon disclosed that the attackers first made a test transaction on October 12 by transferring 10 XRP out of the wallet to a newly created wallet. A few minutes later, the attackers transferred another 1,209,000 XRP to more than 30 newly created wallets.
From there, he said the funds were rapidly split into hundreds of smaller wallets, within the range of 500–900. Having stolen over 1.2 million XRP, the attackers left other assets in the wallet, including $1,000 worth of XLM and roughly $900 worth of FLR tokens.
Feeling devastated, Brandon disclosed that the stolen XRP tokens were his retirement plans, as he and his wife planned to buy a house in Las Vegas and move there. However, he expressed gratitude that he invested in precious metals even though it is a much smaller investment compared to what he committed into crypto.
As of the time of the video on October 15, Brandon disclosed that he filed a report with the FBI via IC3 but has not gotten any feedback.
How Hackers Laundered the Funds
Meanwhile, ZachXBT, a prominent on-chain sleuth, provided insight into the incident, suggesting that the heist was as a result of a user error. According to ZachXBT, Brandon believed he was using the Ellipal cold wallet, whereas it was the hot version.
Following an investigation, ZachXBT discovered that the attackers executed over 120 XRP to Tron swaps through Bridgers (formerly SWFT) on October 12, 2025, using Binance for liquidity.
After the mixing, the funds consolidated in a Tron wallet, TGF3h…e2bYw, and was eventually laundered through Southeast Asian-based Huione-associated OTC desks on October 15. This platform, according to Zach, is notorious for laundering billions of dollars worth of illicit funds.
Notably, the on-chain sleuth stressed that the likelihood of Brandon recovering the funds is very low due to reporting delays.
Ellipal Reacts
In the meantime, Ellipal took to X to clarify that its cold wallet was not hacked. It revealed that Brandon compromised his security by importing his cold wallet’s seed phrase into a hot wallet.
As a result, the funds became accessible online, allowing the attackers to siphon the 1.2 million XRP tokens. Having spoken with Brandon, Ellipal disclosed that it will continue to support him and warned other users against importing their cold wallet’s seed phrase into any online-based wallet.
Also, users are advised to keep their recovery phrases and storage devices completely offline to avoid falling prey to hackers. As ZachXBT pointed out, hack victims should quickly report these incidents to competent entities in the private sector to help recover the funds.
DisClamier: This content is informational and should not be considered financial advice. The views expressed in this article may include the author’s personal opinions and do not reflect The Crypto Basic opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.