Chris Larsen’s $150 Million XRP Theft Linked to LastPass Security Breach
Larsen confirmed the incident in January, clarifying that the hack targeted only his personal accounts and did not impact Ripple’s corporate wallets.
What You Need to Know:
- A $150 million theft from Ripple co-founder Chris Larsen’s wallet has been traced to a security failure at the password manager LastPass.
- Hackers accessed Larsen’s private keys stored in LastPass, which suffered a significant breach in 2022, affecting around 25 million users.
- Crypto losses related to the LastPass breach have reached at least $250 million as of May 2024.
A $150 million theft involving Ripple co-founder Chris Larsen is linked to vulnerabilities in LastPass’s security systems, based on a forfeiture complaint filed by U.S. law enforcement. This complaint, detailed by blockchain investigator ZachXBT, revealed that Larsen’s private keys were stored in LastPass, the widely used password manager that experienced a significant breach in 2022.
At the time of the breach, hackers stole source code and technical data from a developer’s account, later infiltrating a cloud storage system and compromising encrypted password vaults and unencrypted data for about 25 million users.
Despite the encryption of user vaults, weak or reused master passwords could have been exploited. This allowed hackers to access Larsen’s keys and steal the XRP, originally valued at $150 million at the time of the theft, now worth over $600 million.
ZachXBT noted in a message that the forfeiture complaint clarified the cause of the hack on Larsen’s wallet in January 2024 stemmed from the compromised private key management in LastPass, a fact Larsen had not previously revealed.
The ongoing repercussions of the LastPass hack are substantial, with The Security Alliance estimating crypto losses associated with the breach to be at least $250 million as of May 2024.
