In a sobering reminder of the critical importance of security in self-custody, a North Carolina crypto investor revealed on the 19th that over $3 million in XRP was stolen from his hardware wallet. The victim, 54-year-old Brandon Laroche, discovered on October 15th that his Ellipal hardware wallet had been drained of 1,209,990 XRP in a theft that occurred on October 12th.
1/ A video went viral on YT this week after a US based victim lost $3.05M (1.2M XRP) from their Ellipal wallet.
Here’s the tracing of where the stolen funds ended up and the biggest takeaways for similar thefts. pic.twitter.com/Gyw0OWjts4
— ZachXBT (@zachxbt) October 19, 2025
The incident underscores a common, yet devastating, point of failure: the improper handling of a wallet’s seed phrase.
The Cold Wallet Pitfall: A Probable User Error
In a statement released on the 18th, Ellipal, the wallet manufacturer, detailed the results of its investigation. The company concluded that the user likely entered his wallet’s secure seed phrase into the internet-connected mobile app, a critical mistake that effectively converted the high-security “cold wallet” into a “hot wallet” exposed to online threats.
Ellipal’s system uses a color-coded indicator within its app—blue for a secure cold wallet connection and orange for a hot wallet. Laroche noted that while his iPhone showed the secure blue background, his iPad displayed the orange one, suggesting a possible moment of misidentification. The company emphasized that its hardware device itself maintains an “air-gapped” state, isolated from external networks, and stated that “no theft originating from the hardware itself has been identified,” pointing to user error rather than a device vulnerability.
Funds Laundered Through Sanctioned Platform
The stolen funds were quickly moved, according to an analysis by anonymous on-chain investigator ZachXBT. The XRP was bridged to the TRON network and subsequently laundered through over-the-counter (OTC) channels. Alarmingly, the laundering involved Huione, a Southeast Asian platform recently sanctioned by U.S. regulators for fraud and money laundering. The involvement of a sanctioned entity makes the recovery of the funds highly unlikely.
The theft has had profound personal consequences. Laroche, who had been accumulating XRP since 2017, stated the stolen funds were intended to support his retirement, highlighting the very real human cost behind such security breaches. Moreover, a secured wallet is essential to store your asserts as well.
