In an interesting turn of events, the January 2024 theft of 283 million XRP (worth approximately $150 million at current market price) from the wallet of Ripple co-founder Chris Larsen has been linked to the security breach of password manager LastPass. This discovery was recently made public by prominent blockchain investigator ZachXBT.
How Did The Ripple Co-Founder Lose His Assets?
On Friday, March 7, ZachXBT took to their Telegram channel to share a screenshot of a forfeiture complaint submitted on Thursday by US law enforcement. According to the crypto sleuth, Larsen’s wallet lost roughly $150 million worth of XRP tokens because the co-founder stored his private keys in a password manager named LastPass.
For context, LastPass suffered significant security incidents and data breaches in late 2022, which led to customer data leaks and password vault exploits. By September 2023, a potential link was established between this security breach and more than $35 million in cryptocurrency stolen from several victims since December 2022. As reported by Bitcoinist, approximately $4.4 million in digital assets were stolen from 85 distinct wallets belonging to 25 LastPass users on October 25, 2023 alone.
In late January 2024, ZachXBT revealed in an online post that Ripple had been exploited for about 213 million XRP (worth roughly $112.5 million at the time). The co-founder later confirmed that there had indeed been “unauthorized access” to his personal XRP wallets — but not Ripple’s.
Source: ZachXBT/Telegram
As highlighted in the forfeiture complaint, it seems Larsen’s private wallet keys were compromised in the two major data security breaches that affected a commercial online password manager in 2022. The United States Federal Bureau of Investigation (FBI) discovered that the passwords stolen in these breaches were used to illegally obtain customer data and assets.
The court document read:
From those conversations, law enforcement agents in this case learned that the stolen data and passwords that were stored in several victims’ online password manager accounts were used to illegally, and without authorization, access the victims’ electronic accounts and steal information, cryptocurrency, and other data.
It is worth noting that the forfeiture complaint does not cite LastPass as the online password manager. However, it did mention that one of the victims is a San Francisco resident (Larsen’s LinkedIn location shows that he is based in San Francisco city).
In the message on their Telegram channel, ZachXBT clarified that “up to this point Chris Larsen had not publicly disclosed the cause of the theft.” Recently, the blockchain investigator linked to the Ripple co-founder a series of dormant XRP wallets, with over 2.7 billion XRP (worth around $7.18 billion).
XRP Price Quick Look
As of this writing, the price of XRP stands at around $2.37, reflecting an over 5% in the past 24 hours.
The price of XRP on the daily timeframe | Source: XRPUSDT chart on TradingView
Related Posts
