A forfeiture grievance shared by blockchain detective ZachXBT revealed that the $150 million hack suffered by Ripple co-founder Chris Larsen resulted from non-public keys saved within the password supervisor LastPass, which was compromised in 2022.
The grievance particulars how the attackers accessed Larsen’s cryptocurrency wallets via stolen vault information from LastPass.
LastPass compromise
In December 2022, LastPass suffered two main information breaches, one in August and one other in November, which resulted within the theft of encrypted passwords and vault information.
In keeping with the grievance, Larsen — known as Sufferer 2 — saved non-public keys in LastPass’ password vault, which additionally contained safe notes, banking info, and different credentials.
In keeping with Larsen, he destroyed any bodily document of the non-public keys after inputting them within the password vault. An extended, distinctive password secured entry to the net password supervisor, and units remained logged for as much as 30 days.
A minimum of 4 units had entry to the account containing the non-public keys, and solely Larsen’s members of the family have been conscious of the passcode to any of those units.
The FBI has been investigating the LastPass breach, and legislation enforcement brokers engaged on Larsen’s case have spoken with FBI brokers concerning the stolen information.
The investigation means that attackers used the compromised vault information to achieve unauthorized entry to a number of victims’ cryptocurrency accounts, digital accounts, and different delicate info.
The hack
Larsen first disclosed the hack on Jan. 31, 2024, stating that unauthorized entry had been detected in a number of of his private XRP accounts.
The attackers stole roughly 213 million XRP, valued at $112.5 million on the time. The stolen funds have been laundered via crypto exchanges, together with Binance, Kraken, OKX, Gate, MEXC, HTX, and HitBTC.
Larsen and his workforce instantly notified crypto exchanges to freeze affected addresses however didn’t publicly reveal any additional particulars concerning the hack.
ZachXBT questioned Larsen’s resolution to cover the reason for the theft. He stated:
“Provided that Chris Larsen had proven fundamental transparency with sharing their findings for the foundation trigger previous to this or had helped arrange a category motion in opposition to LastPass.”