The January 2024 theft of 283 million XRP (XRP) from Ripple co-founder Chris Larsen’s private accounts has been linked to a password supervisor breach, in line with a forfeiture criticism filed by US legislation enforcement revealed by crypto investigator ZachXBT.
The investigator shared a screenshot of the forfeiture criticism in his Telegram channel on March 7, claiming the theft “was the results of storing non-public keys in LastPass (password supervisor which was hacked in 2022). Up thus far, Chris Larsen had not publicly disclosed the reason for the theft.”
Associated: ZachXBT rug pull drama reveals extent of unpaid detective work
In response to the shared criticism, Larsen’s non-public keys have been saved within the on-line password supervisor earlier than being destroyed. 4 units have been enabled with the password supervisor, which had an extended, distinctive password.
The password supervisor, LastPass, suffered two main breaches — one in August 2022 and the opposite in November 2022 — the place the attackers stole encrypted passwords and on-line password administration vault information. In response to the US Federal Bureau of Investigation, which investigated the case, the compromised information was used to steal cryptocurrency, amongst different issues.
The 283 million XRP stolen in January could be price $683 million on March 7.
Supply: Chris Larsen
ZachXBT traces token laundering
Following the XRP hack towards Larsen, ZachXBT traced the tokens throughout a number of crypto exchanges, together with MEXC, Gate.io, Binance, Kraken, OKX, HTX, HitBTC and others.
As Cointelegraph reported, the LastPass hackers had stolen a further $45 million from crypto holders simply earlier than Christmas in December 2024. White hat hacker staff Safety Alliance considers seed phrases and personal keys saved on the password supervisor earlier than 2023 to be in danger.
Storing non-public keys or seed phrases on-line anyplace is taken into account a dangerous follow, with many recommending writing them down and storing them in a protected or preserving them in offline digital storage like a USB. A person also can break up their seed phrase into completely different elements and retailer them in a number of places.
Password managers do have one place, nonetheless, in crypto security practices: the flexibility to generate and retailer complicated passwords that may make breaking into wallets that a lot more durable.
Associated: Understanding multi-factor authentication (MFA) in cryptocurrency