He Woke Up to Find $3M in XRP Gone — The Story of Savings Lost Overnight in an “Ellipal” Wallet

One-Minute Summary:

🔹 Retired American Brandon Laroque (54) from North Carolina discovered on October 15 that ~1,209,990 XRP worth over $3 million had vanished from his Ellipal wallet.

🔹 Ellipal claims that importing the seed phrase into the mobile app turned his “cold” wallet into a “hot” one.

🔹 On-chain detective ZachXBT traced the stolen funds across the Tron network and OTC brokers — the money was scattered across hundreds of addresses within hours.

🔹 Brandon filed a report with the FBI’s Internet Crime Complaint Center and local police, but the recovery of funds remains unlikely.

When Brandon Laroque opened his Ellipal app on October 15, he was met with an empty account — where just a day earlier lay his and his wife’s entire life savings. The man, who had been building his XRP position since 2017 and occasionally selling small portions to cover living expenses, lost about 1,209,990 XRP, crushing their plan to buy a house in Las Vegas overnight. “It was everything we had,” Brandon said frankly. In a YouTube video, he described waking up one morning to find their dream and savings gone. He admits he doesn’t expect to get the funds back but shares his story hoping it will warn others — especially about what “cold storage” really means.

What Happened — Timeline of Events On Sunday, October 12, around 11:15 AM ET, two small test transactions of 10 XRP each appeared.Immediately afterward, a transfer of ~1,209,990 XRP was made to a new address.From there, the funds were split into dozens of wallets within minutes and hundreds more within hours — the thieves moved fast.

Smaller balances — around $1,000 in XLM and $900 in FLR — were left untouched. Video:

Ellipal Responds — User Error or Confusing Interface? On October 18, Ellipal released a statement saying its internal review showed that Brandon had imported his hardware wallet’s seed phrase into the mobile app. Doing so, the company said, deactivated the protective “cold wallet” layer — the private keys were stored on the device and connected to the internet, effectively turning the wallet into a “hot” one. Ellipal stressed that its physical devices are air-gapped (never connected via Wi-Fi, Bluetooth, or USB) and that no theft has ever occurred from its hardware wallets — suggesting this was likely user error. However, the company admitted it could not technically prove how the hack happened. Brandon said he simply followed the app’s interface. The iPhone version had a blue background (indicating a “cold” wallet), while the iPad version had an orange background (“hot”). “If blue means cold and orange means hot, why wasn’t that explained more clearly?” he asked in his video. Ellipal hasn’t confirmed whether the color cues failed or were misunderstood but maintained that entering the seed phrase into the app instantly removes all protection.

On-Chain Investigation — ZachXBT Follows the Trail Blockchain detective ZachXBT quickly traced the stolen XRP. By cross-checking transaction timestamps and values shown in Brandon’s videos, he identified the main address used in the theft. According to him, the attacker used the Bridgers service (formerly SWFT) on October 12 to swap and bridge over 120 XRP-to-Tron conversions. Some transactions appeared to route liquidity through large exchanges, making the trail harder to follow. Zach found that the stolen XRP was consolidated in a Tron wallet (address starting with TGF3…) and then sent to several OTC brokers linked to Huione, a Southeast Asian marketplace previously associated with suspicious transfers. Three days later, the funds were dispersed to countless addresses — making recovery virtually impossible.

A Warning to the Community ZachXBT also warned users to avoid so-called “crypto recovery services,” calling them scams that charge high fees for fake investigations. The only realistic response, he said, is immediate reporting to legitimate investigators, exchanges, and law enforcement — sometimes allowing exchanges or wallets to freeze stolen assets. But once funds are bridged across chains and pushed through OTC channels, “there’s almost no way back.” Brandon has since filed a report with the FBI’s Internet Crime Complaint Center (IC3) and contacted local police, though he says it’s difficult to quickly reach specialized cybercrime investigators.

Conclusion:

The Laroques’ story is a harsh reminder that wallet interfaces and user awareness are not minor details — they can determine whether your savings vanish overnight. Importing a seed phrase into any internet-connected device instantly voids the core security of cold storage. Stay cautious, double-check every app interface, and when in doubt, ask a trusted expert.

#xrp , #crypto , #security , #blockchain , #CryptoNews

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies! Notice: ,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“