Ripple Cofounder’s $150M XRP Theft Linked to LastPass Breach, Says ZachXBT

Larsen acknowledged the hack in January, stating that it impacted only his personal accounts and did not compromise Ripple’s corporate wallets.

What to Know:

• A $150 million XRP theft from Ripple co-founder Chris Larsen's wallet has been linked to a security breach at LastPass, according to a U.S. law enforcement forfeiture complaint.
• Hackers reportedly gained access to Larsen’s private keys stored in LastPass, which suffered a major data breach in 2022, exposing encrypted password vaults and unencrypted metadata for approximately 25 million users.
• The LastPass hack's impact on crypto security persists, with estimated crypto-related losses tied to the breach reaching at least $250 million as of May 2024.

The $150 million theft from Ripple co-founder Chris Larsen has been linked to a security breach involving LastPass, according to a March 6 forfeiture complaint filed by U.S. law enforcement and highlighted by blockchain investigator ZachXBT.

ZachXBT revealed that the complaint outlined how Larsen’s private keys, which grant access to his crypto holdings, were stored in LastPass—a popular password manager that experienced a major breach in 2022.

During the attack, hackers initially compromised a developer’s account, allowing them to steal source code and technical data. By November 2022, they leveraged this access to infiltrate a cloud storage system, stealing encrypted customer password vaults along with unencrypted metadata affecting approximately 25 million users.

Although the stolen password vaults were encrypted, hackers were able to brute-force weak or reused master passwords, ultimately exposing stored data.

By exploiting this vulnerability, attackers accessed Larsen’s private keys, siphoning off 283 million XRP, worth $150 million at the time and now valued at over $600 million based on Saturday’s prices.

ZachXBT shared details on his Telegram channel, stating:

"A forfeiture complaint filed yesterday by U.S. law enforcement revealed that the $150 million (283M XRP) hack of Ripple co-founder Chris Larsen’s wallet in January 2024 was caused by storing private keys in LastPass, which was hacked in 2022."

He also noted that Larsen had not previously disclosed the cause of the theft.

Larsen confirmed the breach in January, clarifying that it impacted only his personal accounts and not Ripple’s corporate wallets. However, he has yet to publicly comment on the forfeiture notice.

The LastPass breach’s impact continues to unfold. In December, The Security Alliance (SEAL), a cybersecurity group specializing in crypto, estimated that crypto-related losses tied to the hack had reached at least $250 million as of May 2024.