$150 Million XRP Hack Linked to LastPass Breach

  • Investigators have linked the theft of 213 million XRP tokens from Ripple co-founder Chris Larsen to a 2022 security breach of the password manager LastPass
  • The stolen XRP, valued at approximately $150 million at the time of the theft in January 2024, has since appreciated to around $700 million
  • Authorities have seized over $23 million in cryptocurrency connected to the heist, with investigations ongoing to recover additional assets

A January 2024 theft of $150 million worth of XRP tokens has been linked to a LastPass breach that took place in 2022. Chris Larsen, co-founder of Ripple, lost 213 million XRP tokens in the hack, with subsequent investigations tracing it back to 2022 cyberattacks on the password management service LastPass, where encrypted customer vaults were compromised. The stolen XRP has since increased in value by over 4 times, with authorities managing to recover over $23 million, and efforts are ongoing to retrieve more of the stolen assets.

The LastPass Breach and Its Aftermath

In 2022, LastPass suffered two major security incidents that compromised encrypted customer vaults and unencrypted metadata. These breaches exposed sensitive information, including private keys for cryptocurrency wallets stored within the password manager. Although the vaults were encrypted, weak or reused master passwords allowed attackers to brute-force their way into them, leading to significant financial losses for affected users.

The ramifications of this hack were serious, and it seems that some took several months to play out. According to recently released court documents, Chris Larsen’s personal XRP holdings were targeted in January 2024, resulting in the theft of 213 million XRP tokens.

Investigations have revealed that the attackers exploited data from the LastPass breach to access Larsen’s private keys; Larsen confirmed the incident, clarifying that only his personal accounts were affected, not Ripple’s corporate wallets.

Ongoing Recovery Efforts

Law enforcement agencies have been actively working to trace and recover the stolen assets since they were reported, and with some success: over $23 million in cryptocurrency linked to the theft has been seized, with funds traced across multiple exchanges, including OKX, Kraken, and Binance. The investigation is ongoing, with authorities striving to recover additional assets and bring the perpetrators to justice.

This incident underscores the critical importance of robust cybersecurity practices, especially concerning the storage of sensitive information like cryptocurrency private keys. Such keys should never be stored on cloud storage systems, even those with seemingly powerful security.
