North Carolina Investor Loses 1.2M XRP in Devastating Hack


A North Carolina crypto investor, Brandon LaRoque, has lost his life savings after hackers drained 1.2 million XRP worth over $3 million from his digital wallet. The shocking incident highlights once again the importance of wallet security and understanding the difference between cold and hot storage in cryptocurrency.

How the XRP Hack Happened

Brandon, who began investing in crypto back in 2017, said he had slowly accumulated his XRP holdings over eight years, storing them in what he believed to be an Ellipal cold wallet. He followed standard security measures, keeping his seed phrase written down and secured offline and ignoring suspicious calls or emails. However, on October 15, 2025, he woke up to a devastating discovery: all 1.2 million XRP were gone. A review of his wallet activity showed that hackers had made a small test transfer of 10 XRP on October 12, followed by a massive withdrawal of 1,209,000 XRP spread across more than 30 wallets. From there, the stolen tokens were divided into hundreds of smaller wallets, each holding between 500 and 900 XRP, making the funds extremely difficult to trace. Strangely, the hackers left behind other assets, including $1,000 worth of XLM and $900 worth of FLR tokens.

Investor’s Emotional Reaction

For Brandon, the XRP represented his retirement savings and a plan to move with his wife to Las Vegas and buy a home. The emotional toll was immense, as he revealed in a video uploaded the same day as the hack. Despite the massive loss, he expressed some relief that he still owns a small investment in precious metals, though it represents only a fraction of what he had placed in crypto. Brandon also confirmed that he has reported the case to the FBI’s Internet Crime Complaint Center (IC3), but as of now, he has received no updates.

Blockchain Investigator Reveals the Attack Method

On-chain investigator ZachXBT analyzed the case and concluded that the breach was likely caused by user error. According to his findings, Brandon had unknowingly used the hot wallet version of Ellipal rather than the cold wallet, which allowed his funds to be exposed online. ZachXBT traced the attackers’ actions, revealing that they executed over 120 XRP-to-Tron swaps using Bridgers (formerly SWFT) on October 12, with Binance providing liquidity. Afterward, the stolen XRP was moved into a Tron wallet (TGF3h…e2bYw) and then laundered through Huione-associated OTC desks in Southeast Asia on October 15, a network already linked to laundering billions in illicit funds. He added that due to the delay in reporting, the chance of recovering the stolen XRP is extremely low.

Ellipal Responds to the Incident

Following the report, Ellipal issued a public statement clarifying that its cold wallet system was not hacked. The company explained that Brandon compromised his own security by importing his cold wallet’s seed phrase into a hot wallet, effectively making the private keys accessible online. Ellipal said it has been in contact with Brandon and will continue offering support, while warning all users never to import their cold wallet seed phrases into any online or mobile wallet. The company also reminded users to keep all recovery phrases and hardware devices completely offline.

Lessons for Crypto Holders

This incident serves as a strong reminder that even experienced investors can make small mistakes that lead to catastrophic losses. To stay safe:
  • Always confirm you are using a true cold wallet that stays completely offline.
  • Never reuse or import your seed phrase into any connected app.
  • Regularly monitor your wallet activity for small “test transactions.”
  • Report suspicious activity immediately to both authorities and private blockchain investigators.
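
An added example (not from the original article): one way to act on the advice to watch for test transactions is to flag every XRP payment that leaves your account for a destination you have not approved, marking small ones as possible probes. The account names, allowlist, 50 XRP threshold and sample records are constructed; the records use XRP Ledger Payment field names (Account, Destination, Amount in drops) in simplified form.

```python
from datetime import datetime, timezone
from decimal import Decimal

DROPS_PER_XRP = Decimal(1_000_000)   # XRP Ledger amounts are strings of drops
RIPPLE_EPOCH = 946_684_800           # ledger "date" counts seconds from 2000-01-01 UTC

def flag_unapproved_outflows(txs, owner, allowlist, probe_xrp=Decimal(50)):
    """Alert on every XRP payment leaving `owner` for a destination not in `allowlist`.

    Small payments are labelled "probe" (a possible test transfer before a drain),
    larger ones "large-outflow". The threshold is an assumed, tunable value.
    """
    alerts = []
    for tx in sorted(txs, key=lambda t: t["date"]):
        if tx.get("TransactionType") != "Payment" or tx.get("Account") != owner:
            continue                  # incoming payments and other transaction types
        amount = tx.get("Amount")
        if not isinstance(amount, str):
            continue                  # issued-currency amounts are objects, not drops
        if tx["Destination"] in allowlist:
            continue                  # destination the owner has approved
        xrp = Decimal(amount) / DROPS_PER_XRP
        when = datetime.fromtimestamp(tx["date"] + RIPPLE_EPOCH, tz=timezone.utc)
        kind = "probe" if xrp <= probe_xrp else "large-outflow"
        alerts.append({"time": when.isoformat(), "kind": kind,
                       "destination": tx["Destination"], "xrp": xrp})
    return alerts

# Constructed sample data: placeholder account names, made-up amounts and timestamps.
OWNER = "rOWNER_PLACEHOLDER"
ALLOWLIST = {"rMY_EXCHANGE_PLACEHOLDER"}
SAMPLE_TXS = [
    {"TransactionType": "Payment", "Account": "rMY_EXCHANGE_PLACEHOLDER",
     "Destination": OWNER, "Amount": "500000000", "date": 800_000_000},
    {"TransactionType": "Payment", "Account": OWNER,
     "Destination": "rMY_EXCHANGE_PLACEHOLDER", "Amount": "25000000", "date": 800_100_000},
    {"TransactionType": "Payment", "Account": OWNER,
     "Destination": "rUNKNOWN_A_PLACEHOLDER", "Amount": "10000000", "date": 800_200_000},
    {"TransactionType": "Payment", "Account": OWNER,
     "Destination": "rUNKNOWN_B_PLACEHOLDER", "Amount": "40000000000", "date": 800_300_000},
]

if __name__ == "__main__":
    for alert in flag_unapproved_outflows(SAMPLE_TXS, OWNER, ALLOWLIST):
        print(alert["time"], alert["kind"], alert["destination"], alert["xrp"], "XRP")
```

An alert on the small probe is the useful one: it arrives while the balance is still in the account.
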
Hackers continue to exploit human error rather than system flaws, proving that security awareness is the strongest defense in crypto.

North Carolina Investor Loses 1.2M XRP in Devastating Hack FAQ

What happened to the North Carolina man’s XRP holdings?
A North Carolina investor named Brandon LaRoque lost 1.2 million XRP, valued at over $3 million, after hackers gained access to his wallet. The attack was traced to a user error where his cold wallet seed phrase was imported into a hot wallet.

Was the Ellipal cold wallet hacked?
No. Ellipal confirmed that its cold wallet system remains secure. The issue occurred because the user imported his cold wallet’s recovery phrase into a hot wallet, exposing the funds to online risks.

How did the hackers move the stolen XRP?
Blockchain investigator ZachXBT found that the attackers swapped XRP for Tron (TRX) through Bridgers and later laundered the funds using Huione-linked OTC desks in Southeast Asia.

Can the stolen XRP be recovered?
Unfortunately, recovery is highly unlikely. Once funds are laundered across multiple wallets and platforms, tracing and reclaiming them becomes nearly impossible, especially when reports are delayed.

How can crypto investors protect their wallets?
Investors should keep their seed phrases completely offline, never import them into online wallets, use verified cold storage devices, and regularly monitor wallet activity for suspicious transactions.