- Ripple co-founder Chris Larsen’s $150 million XRP theft was linked to the 2022 LastPass security breach, according to a recent U.S. law enforcement document.
- Hackers accessed Larsen’s private keys stored in LastPass, with the stolen XRP now worth over $600 million at current market prices.
- The 2022 LastPass breach has resulted in at least $250 million in crypto losses as of May 2024, according to security experts.
A $150 million cryptocurrency theft targeting Ripple co-founder Chris Larsen has been traced to a security vulnerability in the password manager LastPass, according to a U.S. law enforcement forfeiture complaint filed on March 6. Blockchain investigator ZachXBT flagged the document, revealing how the massive January 2024 XRP heist stemmed from the widely publicized LastPass breach of 2022.
The complaint details how Larsen stored his private keys—the secure codes needed to access and transfer cryptocurrency holdings—in his LastPass account. This decision proved catastrophic when Hackers exploited vulnerabilities in the password management service that had been compromised two years earlier.
“A forfeiture complaint filed yesterday by US law enforcement revealed the cause for the ~$150M (283M XRP) hack of Ripple co-founder, Chris Larsen’s wallet in Jan 2024 was the result of storing private keys in LastPass (password manager which was hacked in 2022),” ZachXBT wrote on his Telegram channel.
The investigator added: “Up to this point Chris Larsen had not publicly disclosed the cause of the theft.”
The 2022 LastPass security incident began when attackers compromised a developer’s account, stealing source code and technical information. By November of that year, the hackers had leveraged this access to infiltrate LastPass’s cloud storage system, where they extracted encrypted customer password vaults and unencrypted metadata affecting approximately 25 million users.
While the password vaults were encrypted, security experts note that weak or reused master passwords could be brute-forced by attackers, potentially exposing all stored credentials and sensitive information. This vulnerability appears to have been exploited in Larsen’s case, allowing hackers to access his private keys and transfer 283 million XRP tokens away from his wallets.
The stolen cryptocurrency was valued at approximately $150 million when taken in January 2024 but has since appreciated to over $600 million at current market rates, representing a significant increase in the theft’s magnitude.
When the incident initially occurred in January, Larsen confirmed the hack but emphasized that only his personal accounts were affected, not Ripple’s corporate wallets. He has not yet publicly commented on the forfeiture notice that revealed the LastPass connection.
The broader impact of the 2022 LastPass breach continues to reverberate through the cryptocurrency ecosystem. The Security Alliance (SEAL), a specialized team of Cybersecurity experts focused on crypto markets, estimated that cryptocurrency losses linked to the LastPass breach had reached at least $250 million as of May 2024.
This incident highlights the critical importance of secure storage solutions for cryptocurrency private keys, with hardware wallets and other offline storage methods generally considered more secure than cloud-based password managers for high-value digital assets.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Coinbase Legal Chief Claims US Agencies Resist Transparency on ‘Operation Chokepoint 2.0’
- Coinbase Plans to Hire 1,000 US Employees Following Trump’s Pro-Crypto Stance
- US-Based Cryptocurrencies Filecoin, Sui, and Aptos Could Surge if Trump Announces Tax Relief for Made in USA Coins
- Georgian Court Orders Imprisonment of Tech Entrepreneur in Bitcoin Embezzlement Case
- OCC Eases Crypto Banking Rules Hours After Trump Vows to End Operation Chokepoint 2.0
