- ZachXBT has disclosed that Chris Larsen, Ripple’s co-founder, suffered a crypto loss of approximately $150 million in January 2024.
- Investigators linked the theft to the 2022 LastPass breach, where hackers exploited stolen credentials from encrypted vaults to access Chris Larsen’s private keys.
The massive theft of 283 million, valued at $150 million at the time, from Ripple co-founder Chris Larsen’s personal accounts in January 2024 has been linked to a security breach involving the LastPass password manager. According to a U.S. law enforcement forfeiture complaint shared by blockchain investigator ZachXBT, the compromised private keys had previously been stored in LastPass before being deleted.
Larsen’s stolen XRP, now valued at approximately $683 million, was drained from accounts secured by four devices connected to the password manager. Upon discovering the breach, Larsen confirmed that it was limited to his personal accounts and did not impact Ripple itself. “We were able to catch the problem early and notify exchanges to freeze the affected addresses. Law enforcement is already involved,” Larsen stated.
Tracking and Laundering of the Stolen XRP
LastPass, a widely used password manager, suffered two major breaches in 2022. The first occurred in August when hackers accessed parts of the company’s source code, API tokens, and multi-factor authentication (MFA) seeds. In November, attackers leveraged data from the initial breach to infiltrate encrypted password vaults and customer data. It is estimated that around $35 million in cryptocurrency was stolen from 150 victims. The FBI later connected this compromised data to multiple crypto-related thefts, highlighting the far-reaching consequences of the breaches.
ZachXBT, a blockchain investigator, tracked the stolen XRP as it moved across various cryptocurrency exchanges, including Binance, Kraken, OKX, HTX, MEXC, Gate.io, and HitBTC. Hackers frequently use multiple platforms to launder stolen assets, making it challenging to recover lost funds. Additionally, ZachXBT noted that addresses linked to Larsen continue to hold a significant amount of XRP. Reports suggest these addresses hold over 2.7 billion XRP, exceeding $7 billion in value.
Cybersecurity experts emphasize that private keys and seed phrases should never be stored in password managers or cloud-based services. Instead, they recommend keeping them offline, either on paper in a secure location or within hardware wallets. Some security professionals also advise splitting seed phrases into multiple sections for added protection.
Despite its history of security breaches, LastPass continues to actively promote its services on social media, drawing sharp criticism from ZachXBT. The investigator accused LastPass of downplaying the severity of its 2022 breaches, which led to significant cryptocurrency thefts. He also highlighted that law enforcement now publicly acknowledges LastPass’s role in these incidents and warned users against relying on the platform for secure password management.
As explained in an earlier coverage, ZachXBT also exposed that the infamous Lazarus Group, a North Korean state-backed hacking syndicate, was responsible for the massive $1.4 billion Ethereum theft from cryptocurrency exchange Bybit. Meanwhile, XRP is currently trading at $2.31 after an 8.62% drop in the last 24 hours, with its trading volume decreasing by 10.33% to $7.37 billion.
