Three lessons for the crypto industry and users after $3M theft

Published: 21 October 2025
bag crypto coins three million phshing fishing hook
Image by Cybernews.

The recent theft of XRP tokens, worth around $3 million at the time, has provided the crypto industry and its users with three valuable lessons that could help avoid costly mistakes in the future.

An American XRP investor, Brandon LaRoque, published a now-viral video on YouTube telling the story of how he lost his funds to a theft that drained his Ellipal wallet.

LaRoque said the tokens were stolen on October 12th, but he only noticed the funds were gone on October 15th when he checked the Ellipal app. While the victim said he doesn't know what went wrong or how he lost the funds, Ellipal, a manufacturer of hardware wallets, claims that this was not a “cold,” or hardware wallet hack, but a “hot,” or online wallet theft.

ADVERTISEMENT
jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Follow us

"It turns out the user accidentally imported their cold wallet seed phrase into the app, which made it a hot wallet," the company said, reminding users that hot wallets are connected to the internet and are exposed to phishing, malware, or remote attacks.

The case even caught the eye of the prominent blockchain sleuth ZachXBT, who offered the three biggest takeaways for similar thefts.

"One lesson our industry needs to do better with is not causing confusion with products when you offer both custodial and non-custodial products," he said, adding that, for example, victims of large Coinbase, a crypto exchange, support impersonation thefts sometimes state they don't know the difference between custodial wallets, where private keys are stored by a third party, and non-custodial wallets, where a user is responsible for storing the private keys.

"One lesson our industry needs to do better with is not causing confusion with products when you offer both custodial and non-custodial products."

Another lesson, according to ZachXBT, is that ">95%" of companies offering crypto asset recovery services are simply "predatory and charge large amounts for basic reports with few actionable insights."

"Predatory firms will pursue cases when recovery does not seem viable just to bill desperate victims," the sleuth said, also noting that desperate victims often have unrealistic expectations about what’s possible for recovery because there's no "magic button for the funds to be returned."

The third lesson is to report thefts as soon as possible, "otherwise it can be difficult to detect that a theft even took place."

ADVERTISEMENT

In LaRoque’s case, his funds, according to the sleuth, were completely laundered via an over-the-counter service related to the infamous Huione illicit online marketplace by October 15th.

"Brandon’s case is a painful reminder that education is the first line of defense," Ellipal concluded, adding that "we are all in this together."

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
What is fearmaxxing? Experts question the self-improvement trend
EU plans stricter rules for Amazon and Microsoft cloud services to ease switching between providers
Microsoft: 2 ransomware groups hit SharePoint in parallel attacks
27 million passwords seized as Microsoft and EU authorities knock down malware infrastructure
What sovereignty? Internet traffic of millions of Europeans flows through Chinese routers
Samsung thinks a 7-year-old TV might be too old, but users disagree
ADVERTISEMENT