Imagine spending eight years saving for retirement, watching your investment grow, only to discover that it’s vanished after checking an app. This is the unfortunate reality for 54-year-old Brandon LaRoque, a dedicated XRP (XRP-USD) investor who claims to have lost $3 million in cryptocurrency in just minutes.
Bolster Your Investment Approach:
- Take advantage of TipRanks Premium at 50% off! Unlock essential investing tools, advanced data, and expert insights to invest with confidence.
Brandon discovered his loss on October 15 by logging into the Ellipal mobile app; the theft had occurred three days prior. “It was everything,” he shared in an online video. “That was our house money, our retirement.” The shock was both instant and profound, revealing a common pitfall for many crypto users: the misuse of “cold” wallets.
Unauthorized Access Through Seed Importing
According to Ellipal, the Hong Kong-based wallet manufacturer, the investor mistakenly entered his hardware wallet’s recovery seed into the mobile app. This action effectively generated private keys on an internet-capable device, causing the wallet to lose its offline status.
Brandon had been utilizing the Ellipal app on both his iPhone and iPad, noting that one showed a blue background (indicating cold) while the other displayed orange (indicating hot), causing confusion. The device that stored his seed had internet connectivity. Within hours, an attacker stole over 1.2 million XRP, leaving smaller amounts of tokens like XLM and FLR untouched, suggesting a well-planned operation rather than chance.
The Trail of Loss in Blockchain
On-chain analyst ZackXBT quickly tracked the theft, stating that the attacker executed over 120 Ripple-to-Tron swaps using a bridge service now called Bridgers. The funds were subsequently moved across various wallets and ended up with over-the-counter brokers in Southeast Asia.
Some of these entities have been connected to gray-market trading networks associated with Huione, a marketplace flagged by U.S. authorities earlier this year. The precise nature of these transfers rendered recovery extremely difficult. Each transfer shifted the XRP further from traceable exchanges to private settlements.
A Cautionary Lesson in Crypto Security
Ellipal reaffirmed that its hardware remains secure and air-gapped, attributing the breach to actions taken in the mobile environment. While expressing sympathy, the company clarified it cannot be held accountable for user actions. Brandon has reported the incident to the FBI’s cyber unit and local law enforcement, although he acknowledges that the chances of recovering his funds are slim.
Experts emphasize that Brandon’s experience highlights a prevalent misunderstanding: a cold wallet only stays secure if its seed hasn’t been entered onto a connected device. Once that occurs, even momentarily, it transforms into a hot wallet vulnerable to hacking. In the crypto realm, a single misstep can turn a secure vault into a breach.
Key Takeaway
This incident has become a cautionary tale for all cryptocurrency holders. The technology may be revolutionary, but it can be unyielding. Brandon LaRoque’s simple mistake—misplacing a seed—ultimately led to a $3 million loss and a fractured future. This episode serves as a reminder that in digital finance, security relies heavily on discipline. Cold wallets only protect assets when users avoid shortcuts. In this case, a few taps on a screen cost a fortune and shattered a lifetime of security.
At the time of writing, XRP is priced at $2.4725.
