Ripple co-founder Larsen’s $150M XRP theft linked to LastPass breach

The January 2024 theft of 283 cardinal XRP (XRP) from Ripple co-founder Chris Larsen’s idiosyncratic accounts has been linked to a password manager breach, according to a forfeiture ailment filed by US instrumentality enforcement revealed by crypto researcher ZachXBT.

The researcher shared a screenshot of the forfeiture ailment successful his Telegram transmission connected March 7, claiming the theft “was the effect of storing backstage keys successful LastPass (password manager which was hacked successful 2022). Up to this point, Chris Larsen had not publically disclosed the origin of the theft.”

Related: ZachXBT rug propulsion play reveals grade of unpaid detective work

According to the shared complaint, Larsen’s backstage keys were stored successful the online password manager earlier being destroyed. Four devices were enabled with the password manager, which had a long, unsocial password.

The password manager, LastPass, suffered 2 large breaches — 1 successful August 2022 and the different successful November 2022 — wherever the attackers stole encrypted passwords and online password absorption vault data. According to the US Federal Bureau of Investigation, which investigated the case, the compromised information was utilized to bargain cryptocurrency, among different things.

The 283 cardinal XRP stolen successful January would beryllium worthy $683 cardinal connected March 7.

Source: Chris Larsen

ZachXBT traces token laundering

Following the XRP hack against Larsen, ZachXBT traced the tokens crossed respective crypto exchanges, including MEXC, Gate.io, Binance, Kraken, OKX, HTX, HitBTC and others.

As Cointelegraph reported, the LastPass hackers had stolen an further $45 million from crypto holders conscionable earlier Christmas successful December 2024. White chapeau hacker squad Security Alliance considers effect phrases and backstage keys stored connected the password manager earlier 2023 to beryllium astatine risk.

Storing backstage keys oregon effect phrases online anyplace is considered a risky practice, with galore recommending penning them down and storing them successful a harmless oregon keeping them successful offline integer retention similar a USB. A idiosyncratic tin besides divided their effect operation into antithetic parts and store them successful aggregate locations.

Password managers bash person 1 place, however, successful crypto information practices: the quality to make and store analyzable passwords that tin marque breaking into wallets that overmuch tougher.

Related: Understanding multi-factor authentication (MFA) successful cryptocurrency