Revealing the cause of the $150 million XRP hack of Ripple co-founder

Coin68
03-08

Chris Larsen, co-founder of Ripple, had 150 million USD worth of XRP stolen due to storing his private key in LastPass, a password management application that was hacked in 2022.

Revealing the reason behind the 150 million USD XRP hack of the Ripple co-founder

Chris Larsen lost 150 million USD in XRP due to LastPass vulnerability

According to records disclosed by U.S. authorities and shared by on-chain detective ZachXBT, the hack on Ripple co-founder Chris Larsen that occurred in January 2024, stealing 283 million XRP (worth around 150 million USD), has been clarified.

The cause was identified as Larsen's private key being stored in LastPass, a password management application that was attacked in 2022, which allowed hackers to access users' encrypted data.

In a post on the Telegram channel on March 7, 2025, ZachXBT wrote:

"A forfeiture complaint filed by U.S. law enforcement on March 7 confirmed that the cause of the 150 million USD XRP hack of Chris Larsen was due to the leak of his personal key backup in LastPass - the platform hacked in 2022."

This is the first time the cause of the hack has been revealed, as Chris Larsen had not previously publicly disclosed how the hackers accessed his XRP wallet.

ZachXBT discovered the hack through court documents

On January 31, 2024, Chris Larsen acknowledged on Twitter that there had been "unauthorized access" to some of his personal XRP accounts, but affirmed that Ripple was not affected.

This occurred after ZachXBT posted information that around 213 million XRP (equivalent to 112.5 million USD at the time) had been withdrawn from Ripple-related wallets.

Yesterday, there was unauthorized access to a few of my personal XRP accounts (not @Ripple) – we were quickly able to catch the problem and notify exchanges to freeze the affected addresses. Law enforcement is already involved. https://t.co/T3HtKSlzLg

— Chris Larsen (@chrislarsensf) January 31, 2024

The court documents also confirmed that a San Francisco resident had reported that 150 million USD in cryptocurrency had been transferred out of their account without authorization on January 30, 2024. This amount included over 283 million XRP, worth around 708 million USD at the current time.

While the documents did not directly mention LastPass, they described an online password manager that was hacked in 2022, leading to the theft of users' encrypted data. This detail allowed ZachXBT to determine that LastPass was involved in the attack targeting Chris Larsen.

LastPass - A serious security vulnerability threatening crypto wallets

LastPass was attacked twice in 2022 - in August and November. Hackers stole:

  • Encrypted user passwords.

  • LastPass's password vault data, including sensitive information like private keys, API tokens, and multi-factor authentication (MFA) codes.

According to ZachXBT, the LastPass hack has led to a series of cryptocurrency thefts since late 2022:

  • In late 2023, the "LastPass threat actor" group stole 5.36 million USD in crypto from over 40 wallet addresses.

  • In October 2023, hackers seized 4.4 million USD in crypto.

  • In February 2024, another LastPass-related hack caused 6.2 million USD in losses.

The 150 million USD XRP loss of Chris Larsen is considered the largest attack linked to LastPass to date.

This hack once again emphasizes the risks of storing private keys/seed phrases in online password managers. While LastPass had promised data security, the 2022 attack has led to the compromise of numerous accounts, causing significant losses for crypto users.

The 150 million USD XRP hack of Chris Larsen is a clear example of the danger of asset loss without proper security measures. The lesson for investors entering the crypto market:

  • Do not store private keys in online password managers;

  • Use cold wallets (Cold Storage) to protect digital assets;

  • Always stay updated on security vulnerabilities.

Compiled by Coin68
