Ripple co-founder Chris Larsen lost approximately $150 million worth of XRP cryptocurrency (283 million XRP tokens) due to a LastPass security breach, according to blockchain investigator ZachXBT.
XRP (XRP) Security Breach Linked to Password Manager Vulnerability
Internet sleuth ZachXBT revealed on Friday that a major cryptocurrency theft affecting Ripple co-founder Chris Larsen was directly connected to the LastPass security breach of 2022. According to a post in ZachXBT's Telegram channel, a recent U.S. law enforcement forfeiture complaint confirmed that Larsen had stored his private keys in the compromised password manager.
"A forfeiture complaint filed yesterday by U.S. law enforcement revealed the cause for the ~$150M (283M XRP) hack of Ripple co-founder, Chris Larsen's wallet in Jan 2024 was the result of storing private keys in LastPass (password manager which was hacked in 2022)," ZachXBT stated. The blockchain investigator also noted that "Up to this point Chris Larsen had not publicly disclosed the cause of the theft."
XRP (XRP) Theft Timeline Reveals January Compromise
The security incident first came to light on January 31, 2024, when Larsen acknowledged experiencing "unauthorized access" to his "personal XRP accounts." His statement followed ZachXBT's public allegation that approximately 213 million XRP (worth $112.5 million at that time) had been stolen.
Larsen clarified in January that the breach affected only his personal accounts, stating: "There was unauthorized access to a few of my personal XRP accounts (not Ripple)." This distinction emphasized that Ripple's corporate holdings remained secure despite the significant personal loss.
When approached for comment on the recent revelations, Ripple did not immediately respond to inquiries about the incident.
XRP (XRP) Court Filing Details $708M Current Valuation
According to the March 6th court filing, a San Francisco resident reported on January 30, 2024, that "approximately $150,000,000 worth of cryptocurrency was transferred out of [their] accounts by an unauthorized actor." The document states that over 283 million XRP tokens were stolen, which at current market rates would be valued at approximately $708 million.
While the court filing does not explicitly name LastPass, it references an online password manager when describing the theft's methodology. The document states that one of two victims had saved "private keys in a 'secure note' within a commercially available online password manager."
The filing further notes: "In December 2022, the above-described commercial online password manager suffered two major data breaches – one in August 2022 and one in November 2022 – in which the attackers stole encrypted passwords and the online password manager vault data."
Larsen's San Francisco residence, confirmed by his LinkedIn profile, aligns with the victim description in the court filing, supporting ZachXBT's conclusion that Larsen's private keys were compromised via LastPass.
XRP (XRP) Among Multiple Crypto Assets Targeted in LastPass-Related Thefts
The Ripple co-founder's case appears to be part of a larger pattern of cryptocurrency thefts connected to LastPass security vulnerabilities. At the end of 2023, ZachXBT reported that attackers identified as the "LastPass threat actor" had stolen approximately $5.36 million worth of various cryptocurrencies from over 40 wallet addresses.
The LastPass security breach dates back to 2022 when attackers reportedly compromised the password manager's systems and extracted substantial amounts of sensitive data, including customer keys, API tokens, and MFA (Multi-Factor Authentication) seeds.
ZachXBT has documented other significant cryptocurrency thefts linked to the LastPass security incident, including one valued at over $6.2 million in February 2024 and another $4.4 million theft in October 2023.
This incident highlights the critical importance of secure private key storage practices in the cryptocurrency ecosystem, especially for high-value wallets. While password managers are generally considered more secure than plain text storage, this case demonstrates that even security-focused solutions can be vulnerable to sophisticated attacks.
The current valuation of the stolen XRP at approximately $708 million represents a significant increase from the initial theft value, reflecting XRP's price appreciation since January.