People can randomly guess keys and get lucky.
⚡️💬 NEW - "I just had over $3,000,000 worth of XRP stolen from my cold wallet."
Brandon, 54, has just lost $3 million worth of XRP that was stored in his Ellipal cold wallet.
"I thought I was being careful," he says in a YouTube video.
This represents nearly eight years of savings for him.
https://blossom.primal.net/521e01f37f6633ac5d14f0756a7815acb27f52b877229f06427c73e2804d3761.mov
Discussion
Doubtful.
I doubt that was the case for this one especially seeing how this one was a hefty bag.
Definitely. Those where hot keys and he f’d up
I looked up Ellipal, apparently the software and firmware are all proprietary and closed source. If they placed a backdoor, they very well could have been the thieves.
Also looking at that screenshot he had all 1+ million of his XRP in either one account or one UXTO. I'm not sure if XRP uses an account model or uxto model, but either way, KYC or not that's a huge target on the public blockchain for everyone to see. Any hacker would target those addresses first. If he were to have his XRP mixed correctly it would be likely that he wouldn't have been targeted. Goes to show how imperative privacy is especially for public surveillance coins.
Other than those two observations I'm curious to how else this could have happened. I hope he shares details about how he backed up his seed phrase and other details so the larger community can learn from this. To me Ellipal's proprietary software is a huge red flag.
Can you explain how you believe this theft took place? He imported his seed phrase into the Ellipal app on his own device, (not a website) and that would be enough to expose it to a hacker? I feel like I’m missing some information.
Hot wallets are vulnerable inherently.
As soon as that seed phase touches a device that can access the internet there’s a greater than zero percent chance you can loose your stack.
I understand that, I’m just wondering what happened after it was imported, like maybe he pasted it somewhere else that was accessible to a hacker.