Ripple co-founder Chris Larsen losing over $100 million of XRP tied to LastPass hack, says ZachXBT

Ripple co-founder Chris Larsen mostly likely lost $150 million worth of crypto because he stored his private keys with the password manager LastPass, according to internet sleuth ZachXBT.

“A forfeiture complaint filed yesterday by U.S. law enforcement revealed the cause for the ~$150M (283M XRP) hack of Ripple co-founder, Chris Larsen's wallet in Jan 2024 was the result of storing private keys in LastPass (password manager which was hacked in 2022),” ZachXBT said in a post to their Telegram channel on Friday. “Up to this point Chris Larsen had not publicly disclosed the cause of the theft.”

On January 31, 2024, Larsen admitted there had been "unauthorized access" to his “personal XRP accounts." Those comments followed ZachXBT posting online the allegation that Ripple had been hacked for about 213 million XRP worth $112.5 million at the time.

"There was unauthorized access to a few of my personal XRP accounts (not Ripple)," Larsen said in January 2024.

Ripple did not immediately respond to a request for comment.

Court filing details

What the court filing dated March 6th shows is that "on or about January 30, 2024" a San Francisco resident reported "that approximately $150,000,000 worth of cryptocurrency was transferred out of [their] accounts by an unauthorized actor." The crypto stolen, according to the filing, amounted to over 283 million XRP, which as of publication time, is worth approximately $708 million. 

According to his LinkedIn, Larsen is based in San Francisco. 

While the court document does not cite LastPass by name, its authors reference an online password manager when describing how the crypto theft is alleged to have occured. The filing describes one of the two victims stating they saved "private keys in a 'secure note' within a commercially available online password manager." 

"In December 2022, the above-described commercial online password manager suffered two major data breaches – one in August 2022 and one in November 2022 – in which the attackers stole encrypted passwords and the online password manager vault data," the filing also states.

ZachXBT, well aware of past crypto thefts related to security breaches suffered by LastPass in 2022, appears to have deduced the victims from the court filing (one believed to be Larsen) stored private keys using LastPass.

Following LastPass related thefts

At the end of last year, ZachXBT  reported that attackers identified as the “LastPass threat actor” had stolen $5.36 million worth of crypto from over 40 wallet addresses.

The LastPass security breach is believed to date back to 2022 when attackers apparently hacked the password manager and succeeded in stealing vast amounts of data , including customer keys, API tokens and MFA seeds.

ZachXBT has also identified other crypto thefts linked to the LastPass security breach including one valued over $6.2 million in February 2024 and another $4.4 million theft in October 2023.

Updated with more information from the court filing.