Ripple Co-Founder Chris Larsen Loses $112.5 Million in XRP After LastPass Hack

In January 2024, Ripple co-founder Chris Larsen suffered a significant cyber theft, with approximately 213 million XRP tokens, valued at $112.5 million at the time, being stolen. This incident has been linked to a security breach that occurred in 2022 involving LastPass, a popular password management system. The attackers compromised private keys stored in LastPass, leading to the theft of Larsen's crypto assets.

On-chain security expert ZachXBT was the first to report the attack and traced the stolen funds as they were quickly moved to various crypto exchanges, including Binance, Kraken, and OKX. Larsen confirmed the breach, emphasizing that it was an isolated incident involving his personal accounts and not Ripple’s corporate wallets. He had not previously disclosed the cause of the security breach.

Following the hack, law enforcement was promptly involved, and several exchanges froze portions of the stolen funds. Despite these efforts, a large amount of the stolen XRP had already been laundered or converted out of XRP by the attackers.

This incident is not an isolated case. Last December, cybersecurity experts reported a wave of crypto thefts linked directly to the 2022 LastPass security breach. ZachXBT reported that just before Christmas, the ‘LastPass threat actor’ stole approximately $5.4 million in crypto assets from over 40 victim addresses, converting the assets to Ethereum and Bitcoin. This event brings the total losses to $250 million.

According to ZachXBT, the attackers exploited data stolen during the 2022 incident, in which hackers gained access to LastPass’s systems and exfiltrated encrypted user data. This breach has had far-reaching consequences, affecting numerous users and resulting in significant financial losses.

In December 2022, LastPass suffered two major data breaches, one in August and another in November, which resulted in the theft of encrypted passwords and vault data. According to the complaint, Larsen stored private keys in LastPass’ password vault, which also contained secure notes, banking information, and other credentials. Larsen stated that he destroyed any physical record of the private keys after inputting them in the password vault. A long, unique password secured access to the online password manager, and devices remained logged for up to 30 days. At least four devices had access to the account