Ripple Co-Founder Chris Larsen's $150M XRP Theft Linked to LastPass Breach
In a shocking revelation, the January 2024 theft of 283 million XRP from Ripple co-founder Chris Larsen's personal accounts has been linked to a password manager breach, according to a forfeiture complaint filed by US law enforcement. The investigation, led by crypto investigator ZachXBT, has shed light on how the theft occurred and the potential consequences for those affected.
The LastPass hack had been linked to at least $45 million in crypto thefts as of December 2024. However, this latest development takes the total amount of stolen funds to a staggering $683 million, making it one of the largest cryptocurrency heists on record.
According to ZachXBT's investigation, Larsen's private keys were stored in the online password manager LastPass before being destroyed. Four devices were enabled with the password manager, which had a long, unique password. However, this security measure proved to be insufficient, as the attackers exploited two major breaches of LastPass in 2022 - one in August and another in November.
The compromised data was used to steal cryptocurrency, among other things. The FBI investigated the case, highlighting the severity of the breach and its far-reaching consequences.
How Did the Hack Occur?
The investigation revealed that Larsen's private keys were stored online before being destroyed. This decision led to the theft of 283 million XRP from his personal accounts. The thief exploited the vulnerabilities in LastPass's security measures, using the stolen data to access the tokens.
The Consequences
The theft has significant implications for those affected. With an estimated value of $683 million on March 7, this is one of the largest cryptocurrency heists on record. The incident serves as a reminder of the importance of secure password management and online storage practices in the world of cryptocurrency.
Risky Practices
Experts warn that storing private keys or seed phrases online anywhere is considered a risky practice. Many recommend writing them down and storing them in a safe or keeping them in offline digital storage like a USB. A user can also split their seed phrase into different parts and store them in multiple locations.
Multi-Factor Authentication
Password managers do have one place, however, in crypto safety practices: the ability to generate and store complex passwords that can make breaking into wallets much tougher. Understanding multi-factor authentication (MFA) is crucial in protecting cryptocurrency assets from such breaches.
Conclusion
The theft of 283 million XRP from Chris Larsen's personal accounts serves as a stark reminder of the importance of secure online practices and password management. As the world of cryptocurrency continues to evolve, it is essential for individuals and institutions to prioritize security measures to prevent similar incidents in the future.