The January 2024 theft of 283 million XRP (XRP) from Ripple co-founder Chris Larsen’s private accounts has been linked to a password supervisor breach, in accordance to a forfeiture criticism filed by US legislation enforcement revealed by crypto investigator ZachXBT.
The investigator shared a screenshot of the forfeiture criticism in his Telegram channel on March 7, claiming the theft “was the results of storing non-public keys in LastPass (password supervisor which was hacked in 2022). Up to this level, Chris Larsen had not publicly disclosed the reason for the theft.”
Associated: ZachXBT rug pull drama reveals extent of unpaid detective work
In accordance to the shared criticism, Larsen’s non-public keys had been saved within the on-line password supervisor earlier than being destroyed. 4 units had been enabled with the password supervisor, which had an extended, distinctive password.
The password supervisor, LastPass, suffered two main breaches — one in August 2022 and the opposite in November 2022 — the place the attackers stole encrypted passwords and on-line password administration vault knowledge. In accordance to the US Federal Bureau of Investigation, which investigated the case, the compromised knowledge was used to steal cryptocurrency, amongst different issues.
The 283 million XRP stolen in January can be value $683 million on March 7.
Supply: Chris Larsen
ZachXBT traces token laundering
Following the XRP hack towards Larsen, ZachXBT traced the tokens throughout a number of crypto exchanges, together with MEXC, Gate.io, Binance, Kraken, OKX, HTX, HitBTC and others.
As Cointelegraph reported, the LastPass hackers had stolen an additional $45 million from crypto holders simply earlier than Christmas in December 2024. White hat hacker staff Safety Alliance considers seed phrases and personal keys saved on the password supervisor earlier than 2023 to be in danger.
Storing non-public keys or seed phrases on-line anyplace is taken into account a dangerous apply, with many recommending writing them down and storing them in a secure or maintaining them in offline digital storage like a USB. A person also can cut up their seed phrase into totally different elements and retailer them in a number of places.
Password managers do have one place, nonetheless, in crypto security practices: the ability to generate and store complex passwords that may make breaking into wallets that a lot harder.
Associated: Understanding multi-factor authentication (MFA) in cryptocurrency
