Ripple Co-Founder Chris Larsen Loses $150 Million in XRP After LastPass Hack
1min read In January 2024, Ripple co-founder Chris Larsen suffered a substantial financial loss when 283 million XRP, valued at approximately $150 million, was stolen from his personal accounts. This theft was linked to a security breach that occurred in 2022 involving the password manager LastPass. The stolen data from LastPass was used to access Larsen's private keys, which were stored in the compromised password manager, allowing attackers to gain unauthorized access to his cryptocurrency holdings.
The stolen funds were quickly transferred across various wallets and exchanges, making it difficult to trace the movement of the assets. The attackers utilized multiple crypto exchanges to launder the stolen XRP, complicating efforts to recover the stolen assets and identify the perpetrators. The swift transfer of funds across different platforms highlighted the challenges in tracking and recovering stolen cryptocurrency.
Legal documents that surfaced recently provided detailed insights into how the breach led to the theft of Larsen's private key. The stolen data from LastPass was used to access the private keys, which were then used to transfer the XRP from Larsen's wallet. The theft underscored the vulnerabilities associated with storing sensitive information in password managers that have been compromised. The incident serves as a stark reminder of the importance of cybersecurity in the cryptocurrency industry. The use of compromised password managers to store private keys has led to significant financial losses for individuals and organizations. The theft of Larsen's XRP highlights the need for enhanced security measures to protect cryptocurrency holdings from unauthorized access and theft.
Following the XRP hack against Larsen, investigators traced the tokens across several crypto exchanges, including MEXC, Gate.io, Binance, Kraken, OKX, HTX, and HitBTC. The LastPass hackers had stolen an additional $45 million from crypto holders just before Christmas in December 2024. White hat hacker team Security Alliance considers seed phrases and private keys stored on the password manager before 2023 to be at risk. Storing private keys or seed phrases online is considered a risky practice, with many recommending writing them down and storing them in a safe or keeping them in offline digital storage like a USB. A user can also split their seed phrase into different parts and store them in multiple locations. Password managers do have one place, however, in crypto safety practices: the ability to generate and store complex passwords that can make breaking into wallets that much tough 
