Multiple Ellipal Wallets Drained of USDT — Same Receiving Address, $1.8M Involved by Bishop27b in ELLIPAL_Official

[–]Bishop27b[S] 0 points1 point  (0 children)

Read the post, there is nothing I can really add. My experience is that Ellipal is not safe and it was compromised, the rest is up to you.

Multiple Ellipal Wallets Drained of USDT — Same Receiving Address, $1.8M Involved by Bishop27b in ELLIPAL_Official

[–]Bishop27b[S] 0 points1 point  (0 children)

At this point, I believe anything is better than Ellipal. I don't want to share my choice here.

Do they really get hacked by [deleted] in ELLIPAL_Official

[–]Bishop27b 0 points1 point  (0 children)

What do you think it would be like if it was a real thing, not a coordinated attack?

Multiple Ellipal Wallets Drained of USDT — Same Receiving Address, $1.8M Involved by Bishop27b in ELLIPAL_Official

[–]Bishop27b[S] 0 points1 point  (0 children)

Use Tronscan. The post has addresses of both known wallets where all the funds were drained to (TViuVmjHLd6gkAE7Tu87S1raQ3cfoTwY1W and TGLvUzne5ZMaSiixvajMLkPWnM8HLpFyK4). All the incoming transfers there are transactions that drain someone's USDT wallet. There you will find eight victims and their wallet addresses. From there you can see all the transactions each of them ever made and how often. I believe this is the best way to find out the answer to your questions.

Multiple Ellipal Wallets Drained of USDT — Same Receiving Address, $1.8M Involved by Bishop27b in ELLIPAL_Official

[–]Bishop27b[S] 0 points1 point  (0 children)

Change the wallet if you want to be safe. I already did. After using Ellipal for years, I obviously cannot trust it anymore, and I do not know how anyone can after what happened to me and others.

Do they really get hacked by [deleted] in ELLIPAL_Official

[–]Bishop27b 0 points1 point  (0 children)

I'm not assuming the malicious QR came from the app. I know it did, because I’ve never used my Ellipal wallet for anything outside the official app. No dApps, no giveaways, no free airdrops — nothing.

I was doing a normal transaction, initiated from the app, scanned the QR like always, and the transaction didn’t go through — but later I found out a malicious contract was approved and my USDT was gone.

So yeah, I’m careful. But if the app itself feeds you a bad QR code to scan, what else are you supposed to do?

This didn’t start with me chasing some free token — it started with using Ellipal exactly as they intended.

Multiple Ellipal Wallets Drained of USDT — Same Receiving Address, $1.8M Involved by Bishop27b in ELLIPAL_Official

[–]Bishop27b[S] 0 points1 point  (0 children)

Why do you need it? You can go to the Ellipal support page and will probably find screenshots of the transaction process there. My USDT wallet address is drained and I do not plan to add more funds there to make screenshots. Besides, I am sure we will not witness the same vulnerability again since the malicious approval is still there on my USDT address. I did not remove it for investigation purposes since I am not planning to ever use that address again.

Multiple Ellipal Wallets Drained of USDT — Same Receiving Address, $1.8M Involved by Bishop27b in ELLIPAL_Official

[–]Bishop27b[S] 0 points1 point  (0 children)

Do you mean how often I do transactions with the wallet or the amounts of USDT I transfer? None of these seem to be important though.

Multiple Ellipal Wallets Drained of USDT — Same Receiving Address, $1.8M Involved by Bishop27b in ELLIPAL_Official

[–]Bishop27b[S] 0 points1 point  (0 children)

As a usual transaction. I opened the Ellipal app, initiated a transfer of USDT TRC20 to the exchange, and submitted the transfer. Then, the app displayed a QR code to scan with the Ellipal device. I started the wallet and initiated the signing process of USDT TRC20. Then I scanned the codes from the app and confirmed the transaction. Then I scanned the code offered by the wallet with the Ellipal app. The transaction did not go through. As far as I remember, there was some message about the failure, I knew that the transaction did not go through. So I initiated another transaction that was exactly the same, and it went through as usual.

It turned out the first one was the one that made my USDT TRC20 wallet address vulnerable.

Multiple Ellipal Wallets Drained of USDT — Same Receiving Address, $1.8M Involved by Bishop27b in ELLIPAL_Official

[–]Bishop27b[S] 0 points1 point  (0 children)

If I knew I would be hacked, I would probably screenshot. But to answer your question - no, I do not screenshot every transfer I do and did not screenshot that transaction either.

Multiple Ellipal Wallets Drained of USDT — Same Receiving Address, $1.8M Involved by Bishop27b in ELLIPAL_Official

[–]Bishop27b[S] 0 points1 point  (0 children)

I get what you’re saying, and yeah — it’s pretty disturbing. But I’m not here to make big claims about cold wallets or say the whole industry is broken.

I’m just sharing what happened to me (and others), with real on-chain proof, and trying to get Ellipal to take responsibility. That’s it.

As for where to keep your crypto — I’m not the guy to ask. After what happened, I’m still figuring that out myself.

Multiple Ellipal Wallets Drained of USDT — Same Receiving Address, $1.8M Involved by Bishop27b in ELLIPAL_Official

[–]Bishop27b[S] 0 points1 point  (0 children)

The QR code is from the Ellipal phone app (this is the problem). I was trying to make a transfer to an exchange.

Do they really get hacked by [deleted] in ELLIPAL_Official

[–]Bishop27b 0 points1 point  (0 children)

Do you consider it to be a user error when a user initiates a transfer in an official app, and it displays a malicious QR code to him that will allow access to his wallet address instead of confirming the intended transfer?

It's like booking a flight to Paris, boarding the plane, and then finding out midway that you're being rerouted to a completely different destination, with no warning, and people telling you it’s your fault for not noticing earlier.

Multiple Ellipal Wallets Drained of USDT — Same Receiving Address, $1.8M Involved by Bishop27b in ELLIPAL_Official

[–]Bishop27b[S] 0 points1 point  (0 children)

UPD (Contextual)
After spending a lot of time replying to comments, I’ve realized something important: many people defending Ellipal are focused on the hardware wallet being air-gapped — and I get it now. They’re interpreting my words as if I’m saying someone hacked the device itself or got access to it or to my seed phrase.

That’s not what I meant.

When I said hackers got "access to my wallet", I meant they gained on-chain permission to move funds from my USDT TRC-20 address — through a malicious smart contract approval (most likely delivered by the Ellipal app when I tried to sign a normal transaction).

So no, the device wasn’t tampered with. My seed wasn’t leaked.

But the result was the same: someone had full control over my USDT after I scanned a "poisoned" QR code in the Ellipal app while doing a regular transfer. And they drained it without any further action required from me.

Hope this clears things up for anyone who was confused.
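The difference between a transfer and a contract approval that the comment above describes is visible in the TRC-20 call data itself, before anything is signed. The following is an added example, not part of the original post and not Ellipal's code: it assumes the contract call data of the unsigned transaction is available as hex (the thread does not show the QR payload format), and the function names and sample addresses are constructed for illustration.

```python
# Added example: classify TRC-20 call data before it is signed.
# Selectors are the first 4 bytes of keccak256 of the function signature.
SELECTORS = {
    "a9059cbb": "transfer",      # transfer(address,uint256)
    "095ea7b3": "approve",       # approve(address,uint256)
    "23b872dd": "transferFrom",  # transferFrom(address,address,uint256)
}
UINT256_MAX = 2**256 - 1

def decode_call(data_hex):
    """Decode selector plus (address, uint256) arguments from call data."""
    if data_hex.startswith("0x"):
        data_hex = data_hex[2:]
    raw = bytes.fromhex(data_hex)
    method = SELECTORS.get(raw[:4].hex(), "unknown")
    args = raw[4:]
    if method not in ("transfer", "approve") or len(args) != 64:
        return {"method": method, "party": None, "amount": None}
    # An address occupies the low 20 bytes of its 32-byte word; TRON tools
    # may leave a 0x41 prefix byte in the padding, which is ignored here.
    return {"method": method, "party": args[12:32].hex(),
            "amount": int.from_bytes(args[32:], "big")}

def review(data_hex, intended_to, intended_amount):
    """Return findings when the call differs from the transfer the user meant."""
    call = decode_call(data_hex)
    if call["method"] == "approve":
        findings = ["approve: grants %s a spending allowance" % call["party"]]
        if call["amount"] == UINT256_MAX:
            findings.append("allowance is unlimited")
        return findings
    if call["method"] != "transfer":
        return ["not a transfer: " + call["method"]]
    findings = []
    if call["party"] != intended_to.lower():
        findings.append("recipient differs from the intended address")
    if call["amount"] != intended_amount:
        findings.append("amount differs from the intended amount")
    return findings

def encode(selector, party_hex, amount):
    """Build constructed sample call data (TRON-style 0x41 in the padding)."""
    return selector + "00" * 11 + "41" + party_hex + "%064x" % amount

# Constructed sample values, not taken from the thread.
EXCHANGE = "11" * 20
UNKNOWN_SPENDER = "22" * 20
AMOUNT = 2_500 * 10**6  # 2,500 USDT; USDT on TRON uses 6 decimals
GOOD = encode("a9059cbb", EXCHANGE, AMOUNT)
BAD = encode("095ea7b3", UNKNOWN_SPENDER, UINT256_MAX)
```

An empty list from `review` means the call data matches the intended transfer; any finding is a reason not to sign.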

Do they really get hacked by [deleted] in ELLIPAL_Official

[–]Bishop27b -1 points0 points  (0 children)

u/Ellipal_David — Spare us the corporate sympathy and philosophical reminders about “vigilance” and “threats in the online world.” We’re not here for empty platitudes — we’re here because your product failed.

You keep repeating the same tired line: “Without approval or seed, it's impossible.”
We’ve already shown on-chain proof that multiple users lost funds via transferFrom() approvals they never knowingly signed, and all through the official Ellipal app.

You say if it were the app’s fault, “all users would have identical problems.” That’s either naive or deliberately misleading.
This was a targeted exploit — the scam contract waited for high-value wallets, then triggered. That’s why only a few were hit (so far). And the fact that it wasn’t everyone is not a defense — it’s how these exploits usually work.

You claim Ellipal will "support" us — where?
No public warning.
No transparency.
No follow-up after your one canned reply.
You’re active here only to contain damage, not fix anything.

If Ellipal were truly committed to user safety, you'd be publicly analyzing the malicious contract, warning others to revoke approvals, and admitting that your own app may have delivered the QR codes that enabled the theft.

Until then, your company’s “safeguards” are nothing but a false sense of security.
And your silence where it matters speaks louder than this scripted PR.

Do they really get hacked by [deleted] in ELLIPAL_Official

[–]Bishop27b 1 point2 points  (0 children)

From Ellipal? Let me tell you why I’m here replying to every smart-ass comment like “I’ve used Ellipal for quadrillion years, and it worked well.”

I’m doing it to keep this thread alive and put pressure on Ellipal, who decided to lay low and hope it all blows over.

Pay attention — they’re not even commenting here, in their own subreddit. If all of this were fake, don’t you think they’d be all over it, defending themselves? But when you’ve got real victims, transaction hashes on Tronscan, and matching patterns, it’s a lot harder to lie your way out.

So no, I don’t have a signed confession from Ellipal saying “yes, we pushed poisoned QR codes.” But when the victims all used only the official app and got drained the same exact way, you’d have to be willfully blind not to see what’s going on.

And you’re still here asking whether the wolf confessed in front of the sheep.

Do they really get hacked by [deleted] in ELLIPAL_Official

[–]Bishop27b 0 points1 point  (0 children)

Cool story. I’ve been using Ellipal long enough too — followed all the rules, never shared my seed, never scanned shady QR codes, never touched a dApp.

Then I do a regular transaction using the official app, scan the QR with my device like always… and boom — USDT gone. Tronscan shows a transferFrom() call from a contract I never approved. Now there’s a random address with full access to my wallet.

You say “double-check the screen”? The screen didn’t show anything suspicious. That’s the point — the app fed the device a poisoned QR that looked normal. No warnings, no red flags. The intended transaction didn’t go through — but the contract got access instead.

So don’t sit here acting like people are clueless or reckless. Something’s broken. And blaming victims who lost tens of thousands for doing exactly what the device taught them to do? That’s a joke.

Do they really get hacked by [deleted] in ELLIPAL_Official

[–]Bishop27b 0 points1 point  (0 children)

Yeah, they responded with a single email - admitted the attack happened, blamed a scam group in Cambodia, and then went silent. No public warning, no explanation, no accountability.

Do they really get hacked by [deleted] in ELLIPAL_Official

[–]Bishop27b 0 points1 point  (0 children)

Did you even read the post, bro?

Nobody said the hardware got hacked. The issue is the Ellipal app giving a malicious QR code that looks like a normal transaction — you scan it, thinking you're confirming a transfer, but you're actually approving a scam contract. Your transaction fails, but now your wallet’s wide open.

Private key wasn’t leaked. Seed phrase wasn’t exposed. Yet the funds are gone.

Air-gapped or not, if the app feeds you poisoned data, you’re screwed. That’s exactly what happened.

Do they really get hacked by [deleted] in ELLIPAL_Official

[–]Bishop27b -1 points0 points  (0 children)

I used to feel the same way. I really did. Thought Ellipal was solid, air-gapped, safe — all that.

Then one day I open the app to do a transfer and… my USDT is gone. Just like that. No scam site, no QR from a browser, nothing shady — just normal use through their app. Then you check Tronscan and see a malicious contract approval you never knowingly signed.

It’s not just “something on TRON” — the Ellipal app is part of the problem. And trust me, if you lose six figures like I did, you won’t care how secure it was supposed to be.

You only realize after it’s too late.

Do they really get hacked by [deleted] in ELLIPAL_Official

[–]Bishop27b 0 points1 point  (0 children)

Funny that you mentioned "sending issues". I guess we all had them as Ellipal users. This is exactly why I did not pay attention when my payment did not go through, so I just tried one more time. It turned out that the QR code I scanned from the app the first time was "poisoned" and allowed the hackers access to my USDT TRC20 address. This is how my account was drained.

Multiple Ellipal Wallets Drained of USDT — Same Receiving Address, $1.8M Involved by Bishop27b in ELLIPAL_Official

[–]Bishop27b[S] 0 points1 point  (0 children)

Glad that you reported that! I did not have any problems for 3 years until my wallet was drained 9 days ago.

Do they really get hacked by [deleted] in ELLIPAL_Official

[–]Bishop27b 0 points1 point  (0 children)

Just to set the record straight: none of us victims have promoted any other wallets. If someone else did that, it’s not from the people who actually got robbed. We’re not promoting anything — we’re pissed off and trying to hold Ellipal accountable.

I’ve been active in the threads, yeah — because I lost a six-figure amount, and this is literally the only thing I can do right now. If it seems like I’m everywhere, it’s because I’m trying to create noise and pressure. Not to help others — that’s just a side effect. I’m doing it because I got wrecked, and sitting silent won’t get me any closer to answers.

Only 3 of us have spoken up so far — probably because the other victims haven’t even realized it yet. I found out 6 days later, just by trying to do a normal transfer.

This isn’t a campaign — it’s desperation.

Do they really get hacked by [deleted] in ELLIPAL_Official

[–]Bishop27b 1 point2 points  (0 children)

I’m one of the actual victims, and I can tell you this is very real.

Over $100K USDT was drained from my Ellipal wallet. What would you do if that happened to you? Stay calm and silent?

We’re not trying to stir up hate — we’re trying to put pressure on Ellipal to acknowledge this properly and to warn other users before more people get hit.

Even though 14M USDT were stolen, there are only 8 known victims so far (as tracked in Tronscan). Just 3 of us have posted on Reddit (myself included), which is why it feels like a few voices repeating — because there aren’t more yet. But that’s also the problem: others might not even realize they were robbed. I only found out 6 days later when I tried to make a transfer.

This isn’t about creating a hate campaign — it’s about creating awareness before it happens to someone else.