The January 2024 theft of 283 million XRP (XRP) from Ripple co-founder Chris Larsen’s personal accounts has been linked to a password manager breach, according to a forfeiture complaint filed by US law enforcement revealed by crypto investigator ZachXBT.
The investigator shared a screenshot of the forfeiture complaint in his Telegram channel on March 7, claiming the theft “was the result of storing private keys in LastPass (password manager which was hacked in 2022). Up to this point, Chris Larsen had not publicly disclosed the cause of the theft.”
Related: ZachXBT rug pull drama reveals extent of unpaid detective work
According to the shared complaint, Larsen’s private keys were stored in the online password manager before being destroyed. Four devices were enabled with the password manager, which had a long, unique password.
The password manager, LastPass, suffered two major breaches — one in August 2022 and the other in November 2022 — where the attackers stole encrypted passwords and online password management vault data. According to the US Federal Bureau of Investigation, which investigated the case, the compromised data was used to steal cryptocurrency, among other things.
The 283 million XRP stolen in January would be worth $683 million on March 7.
Source: Chris Larsen
ZachXBT traces token laundering
Following the XRP hack against Larsen, ZachXBT traced the tokens across several crypto exchanges, including MEXC, Gate.io, Binance, Kraken, OKX, HTX, HitBTC and others.
As Cointelegraph reported, the LastPass hackers had stolen an additional $45 million from crypto holders just before Christmas in December 2024. White hat hacker team Security Alliance considers seed phrases and private keys stored on the password manager before 2023 to be at risk.
Storing private keys or seed phrases online anywhere is considered a risky practice, with many recommending writing them down and storing them in a safe or keeping them in offline digital storage like a USB. A user can also split their seed phrase into different parts and store them in multiple locations.
Password managers do have one place, however, in crypto safety practices: the ability to generate and store complex passwords that can make breaking into wallets that much tougher.
Related: Understanding multi-factor authentication (MFA) in cryptocurrency
Be the first to comment