A forfeiture criticism shared by blockchain detective ZachXBT revealed that the $150 million hack suffered by Ripple co-founder Chris Larsen resulted from personal keys saved within the password supervisor LastPass, which was compromised in 2022.
The criticism particulars how the attackers accessed Larsen’s cryptocurrency wallets via stolen vault information from LastPass.
LastPass compromise
In December 2022, LastPass suffered two main information breaches, one in August and one other in November, which resulted within the theft of encrypted passwords and vault information.
In response to the criticism, Larsen — known as Sufferer 2 — saved personal keys in LastPass’ password vault, which additionally contained safe notes, banking data, and different credentials.
In response to Larsen, he destroyed any bodily document of the personal keys after inputting them within the password vault. An extended, distinctive password secured entry to the net password supervisor, and units remained logged for as much as 30 days.
A minimum of 4 units had entry to the account containing the personal keys, and solely Larsen’s members of the family had been conscious of the passcode to any of those units.
The FBI has been investigating the LastPass breach, and regulation enforcement brokers engaged on Larsen’s case have spoken with FBI brokers concerning the stolen information.
The investigation means that attackers used the compromised vault information to realize unauthorized entry to a number of victims’ cryptocurrency accounts, digital accounts, and different delicate data.
The hack
Larsen first disclosed the hack on Jan. 31, 2024, stating that unauthorized entry had been detected in a number of of his private XRP accounts.
The attackers stole roughly 213 million XRP, valued at $112.5 million on the time. The stolen funds had been laundered via crypto exchanges, together with Binance, Kraken, OKX, Gate, MEXC, HTX, and HitBTC.
Larsen and his workforce instantly notified crypto exchanges to freeze affected addresses however didn’t publicly reveal any additional particulars in regards to the hack.
ZachXBT questioned Larsen’s determination to cover the reason for the theft. He mentioned:
“Provided that Chris Larsen had proven fundamental transparency with sharing their findings for the foundation trigger previous to this or had helped arrange a category motion towards LastPass.”
