Chris Larsen, Co-founder of Ripple, Loses $150 Million in XRP After LastPass Security Breach
According to an investigation by ZachXBT, Chris Larsen, co-founder of Ripple, lost approximately $150 million in XRP after his private keys stored on LastPass were compromised. This massive theft, which occurred in January 2024, raises significant concerns about private key management and the security of funds for crypto figures.
LastPass, a password manager, was the source of the hack. It had a major security vulnerability that was exploited since 2022, allowing hackers to gain access to multiple victims’ accounts over time. This incident is just one in a series of attacks related to LastPass, highlighting the risks of storing private keys online and the need for hardware wallets.
An Fatal Security Flaw in the Ripple Co-founder’s Security
Chris Larsen, co-founder of Ripple, lost approximately $150 million in XRP after his private keys stored on LastPass were compromised. This information, revealed by blockchain investigator ZachXBT, is based on a confiscation complaint filed by US authorities. This massive theft, which took place in January 2024, raises major questions about the management of private keys and the security of funds for crypto figures.
LastPass: The Origin of the Hack
The hack originates from a major security flaw in LastPass, a password manager that was compromised in 2022. At the time, attackers were able to retrieve sensitive data, including private keys, API tokens, and multifactor authentication (MFA) information. This vulnerability allowed hackers to access multiple victims’ accounts over time.
Chris Larsen had already admitted in January 2024 that some of his personal XRP accounts had been compromised, but without revealing the exact cause. Until this new revelation by ZachXBT, the origin of the theft remained unclear.
A Series of Crypto Thefts Linked to LastPass
This is not the first time that LastPass has been implicated in cryptocurrency thefts. ZachXBT has been closely following this matter for several months and has identified several other hacks attributed to what he calls the ‘LastPass threat actor.’ Previous incidents include the theft of $5.36 million from over 40 crypto addresses in late 2023, $6.2 million stolen in February 2024, and $4.4 million stolen in October 2023.
These attacks demonstrate the risks associated with storing private keys on online services, even those presented as secure.
A Warning for the Crypto Industry
Chris Larsen’s theft illustrates the major challenge of private key management for crypto players. Even the most influential figures in the industry are not immune to critical errors.
The incident serves as a crucial reminder: never store your private keys on an online service. The use of hardware wallets combined with an offline storage solution for your seed phrase remains the best protection against these threats.
At the moment, Ripple has not officially commented on the matter, but this $150 million leak could reignite the debate on fund security in the crypto ecosystem.
