XRP Investor Says $3M in XRP Was Stolen; Cold Wallet Maker Says Seed Import Made Wallet Hot

A long-time XRP investor named Brandon LaRoque reported the theft of over $3 million in XRP, discovered on October 15th via the Ellipal mobile app, though the drain occurred on October 12th. The investor stated the funds represented nearly his entire retirement savings. Ellipal, the cold wallet maker, responded by stating their review indicated the user had imported the hardware wallet’s seed phrase into the mobile app, which recreates the wallet on an internet-connected device, effectively turning it into a hot wallet and compromising security. The investor noted different color indicators on the app for cold versus hot connections. Pseudonymous analyst ZackXBT traced the funds, reporting that the attacker used a swap service called Bridgers to move the XRP, consolidating them on Tron before dispersing them to OTC brokers near Huione. The core takeaway for users is the critical warning against entering a hardware wallet's seed phrase into any mobile or desktop application if cold storage security is the goal.

(Source：CoinDesk)