A forfeiture grievance shared by blockchain detective ZachXBT revealed that the $150 million hack suffered by Ripple co-founder Chris Larsen resulted from personal keys saved within the password supervisor LastPass, which was compromised in 2022.
The grievance particulars how the attackers accessed Larsen’s cryptocurrency wallets by means of stolen vault knowledge from LastPass.
LastPass compromise
In December 2022, LastPass suffered two main knowledge breaches, one in August and one other in November, which resulted within the theft of encrypted passwords and vault knowledge.
In keeping with the grievance, Larsen — known as Sufferer 2 — saved personal keys in LastPass’ password vault, which additionally contained safe notes, banking data, and different credentials.
In keeping with Larsen, he destroyed any bodily report of the personal keys after inputting them within the password vault. A protracted, distinctive password secured entry to the web password supervisor, and gadgets remained logged for as much as 30 days.
No less than 4 gadgets had entry to the account containing the personal keys, and solely Larsen’s members of the family had been conscious of the passcode to any of those gadgets.
The FBI has been investigating the LastPass breach, and regulation enforcement brokers engaged on Larsen’s case have spoken with FBI brokers relating to the stolen knowledge.
The investigation means that attackers used the compromised vault knowledge to achieve unauthorized entry to a number of victims’ cryptocurrency accounts, digital accounts, and different delicate data.
The hack
Larsen first disclosed the hack on Jan. 31, 2024, stating that unauthorized entry had been detected in a number of of his private XRP accounts.
The attackers stole roughly 213 million XRP, valued at $112.5 million on the time. The stolen funds had been laundered by means of crypto exchanges, together with Binance, Kraken, OKX, Gate, MEXC, HTX, and HitBTC.
Larsen and his crew instantly notified crypto exchanges to freeze affected addresses however didn’t publicly reveal any additional particulars in regards to the hack.
ZachXBT questioned Larsen’s choice to cover the reason for the theft. He mentioned:
“Provided that Chris Larsen had proven fundamental transparency with sharing their findings for the basis trigger previous to this or had helped arrange a category motion towards LastPass.”