• A U.S. law enforcement forfeiture complaint revealed that the $150 million XRP theft from Ripple co-founder Chris Larsen stemmed from the 2022 LastPass breach.
  • Hackers exploited vulnerabilities in LastPass to access Larsen’s private keys, with stolen funds now valued at over $600 million.

A security breach involving password manager LastPass has been linked to the theft of $150 million worth of XRP from Ripple co-founder Chris Larsen, according to a forfeiture complaint filed by U.S. law enforcement on March 6.

Blockchain investigator ZachXBT flagged the filing, revealing that hackers accessed Larsen’s private keys through LastPass, which suffered a major data breach in 2022.

The LastPass breach initially saw hackers compromise a developer’s account, stealing source code and technical data. By November 2022, attackers used this access to infiltrate a cloud storage system, obtaining encrypted customer password vaults and unencrypted metadata for an estimated 25 million users. Although the stored data remained encrypted, weak or reused master passwords left accounts vulnerable to brute-force attacks.

Hackers exploited this security lapse, gaining access to Larsen’s private keys and transferring 283 million XRP, then valued at $150 million. At current market rates, the stolen funds are worth over $600 million.

“A forfeiture complaint filed yesterday by US law enforcement revealed the cause for the ~$150M (283M XRP) hack of Ripple co-founder, Chris Larsen's wallet in Jan 2024 was the result of storing private keys in LastPass (password manager which was hacked in 2022),” ZachXBT wrote on his Telegram channel.

He further noted, “Up to this point Chris Larsen had not publicly disclosed the cause of the theft.”

Larsen initially confirmed the hack in January, emphasizing that the breach affected only his personal accounts and not Ripple’s corporate wallets. He has not yet commented on the recent forfeiture filing.

The broader impact of the 2022 LastPass breach continues to unfold. The Security Alliance (SEAL), a group of cybersecurity experts specializing in crypto security, estimated in December that total losses tied to the incident had surpassed $250 million as of May 2024.

Edited by Harshajit Sarmah