Ripple co-founder’s $150M wallet hack traced to LastPass security breach: ZachXBT
Key Takeaways
- A LastPass security breach is linked to the theft of 213 million XRP tokens from Chris Larsen.
- The LastPass breach has resulted in total losses of $250 million due to ongoing crypto theft.
Share this article
Ripple co-founder Chris Larsen’s $150 million crypto theft in January 2024 has been linked to a LastPass security breach from 2022, according to on-chain security expert ZachXBT, citing a recent US law enforcement forfeiture complaint.
The attack resulted in the theft of 213 million XRP tokens, valued at $112 million at the time, after attackers compromised private keys stored in the LastPass password management system.
ZachXBT, who was first to report the attack, noted that the stolen funds were quickly moved to various crypto exchanges, including Binance, Kraken, OKX, and others.
Larsen confirmed the breach, clarifying that it was an isolated incident involving his personal accounts and not Ripple’s corporate wallets. He had not previously disclosed the cause of the security breach.
Following the hack, law enforcement was promptly involved, and several exchanges froze portions of the stolen funds, with Binance alone halting $4.2 million worth of XRP. Despite these efforts, a large amount of the stolen XRP had already been laundered or converted out of XRP by the attackers.
LastPass breach lingers: Millions in crypto were stolen last December
Last December, cybersecurity experts sounded the alarm after a recent wave of crypto thefts, linked directly to the 2022 LastPass security breach.
ZachXBT reported that just before Christmas, the ‘LastPass threat actor’ stole approximately $5.4 million in crypto assets from over 40 victim addresses, converting the assets to Ethereum and Bitcoin. This event brings the total losses to $250 million.
According to ZachXBT, the attackers exploited data stolen during the 2022 incident, in which hackers gained access to LastPass’s systems and exfiltrated encrypted user data.
Despite the encryption, persistent efforts to decrypt the information continue to yield results for the perpetrators.
Ripple holdings and inactive addresses linked to Larsen
Following President Donald Trump’s announcement of the US Strategic Crypto Reserve last week, discussions around major US-based crypto assets, including Ripple’s XRP, have intensified.
In an earlier statement, ZachXBT revealed that XRP addresses linked to Chris Larsen still hold over 2.7 billion XRP worth over $7 billion. He noted that these addresses transferred over $109 million worth of XRP to exchanges in January 2025.
“Multiple of these addresses have been dormant for 6-7 yrs so it’s possible he lost access or sent funds to other people in Feb 2013,” ZachXBT noted. “He was also hacked for $112M early last year.”
Share this article
