Chris Larsen, the co-founder of Ripple, lost $150 million worth of XRP after hackers gained access to his private key. The breach stemmed from storing the private key in LastPass—a password manager that was hacked in 2022, resulting in the leakage of sensitive user data.
Ripple Co-Founder Chris Larsen Loses $150 Million in XRP Due to Security Breach
Recently, U.S. authorities revealed the cause behind a major crypto hack involving Chris Larsen, co-founder of Ripple. According to data shared by on-chain detective ZachXBT, the attack, which occurred in January 2024, resulted in hackers stealing 283 million XRP, valued at approximately $150 million.
The breach was traced back to LastPass, a password manager that had been compromised in 2022. Larsen’s private key was stored on LastPass, allowing hackers to gain access to encrypted user data and steal critical information, ultimately leading to the loss of his assets.
This is the first time the details of the incident have been disclosed, as Chris Larsen had previously not revealed how hackers managed to access his XRP wallet. The incident serves as yet another warning about the security risks associated with using password managers to store sensitive information in the crypto space.
ZachXBT Uncovers XRP Hack Through Court Documents
On January 31, 2024, Chris Larsen, co-founder of Ripple, admitted on Twitter that some of his personal XRP wallets had been “unauthorizedly accessed.” However, he assured that Ripple itself was not affected. This revelation came after on-chain analyst ZachXBT reported that approximately 213 million XRP, worth around $112.5 million at the time, had been withdrawn from wallets linked to Ripple.
Additionally, court documents confirmed that a San Francisco resident had reported an unauthorized transfer of $150 million worth of cryptocurrency on January 30, 2024. This amount included over 283 million XRP, valued at approximately $708 million at the current exchange rate.
While the documents did not directly mention LastPass, they referenced an online password manager that was hacked in 2022, leading to the theft of users’ encrypted data. This key detail allowed ZachXBT to link the attack on Chris Larsen to the LastPass security breach.
LastPass – Major Security Threat Endangering Crypto Wallets
LastPass, one of the most popular password managers, was attacked twice in 2022 – in August and November. These breaches allowed hackers to steal a significant amount of critical data, including:
- Encrypted user passwords.
- LastPass vault data containing sensitive information such as private keys, API tokens, and multi-factor authentication (MFA) codes.
Serious Consequences Of the Attack
According to blockchain analyst ZachXBT, a series of cryptocurrency thefts have occurred since the 2022 attack, causing major financial losses for investors:
- Late 2023: A hacker group known as the “LastPass threat actor” stole $5.36 million in crypto from over 40 wallet addresses.
- October 2023: Another attack led to the theft of $4.4 million in cryptocurrency.
- February 2024: A hack related to LastPass resulted in $6.2 million in losses.
Notably, the theft of $150 million in XRP from Chris Larsen – co-founder of Ripple – is considered the largest attack linked to LastPass to date.
Warning About The Risks Of Storing Private Keys Online
The LastPass hack serves as a severe warning about the dangers of storing private keys or seed phrases in online password managers. Although LastPass had pledged to secure user data, the 2022 attack led to widespread account breaches, causing substantial losses for crypto users.
The $150 million loss suffered by Chris Larsen is a clear example of the risks involved in failing to implement proper security measures. Crypto investors should take the following precautions:
- Do not store private keys in online password managers.
- Use cold wallets to safeguard digital assets from hackers.
- Stay updated on security vulnerabilities to take proactive protective measures.
The attacks associated with LastPass highlight the critical need for safer methods of securing digital assets. Crypto investors must remain vigilant and take control of their security practices to avoid unfortunate losses.
As cyber threats continue to evolve, staying informed is key to protecting your digital assets. MevXBot is a trusted platform providing the latest insights, security updates, and expert guidance on cryptocurrency trading and asset protection.