Hackers swiped a staggering $150 million worth of XRP from Ripple co-founder Chris Larsen in January 2024, exploiting a two-year-old LastPass security breach that just keeps on giving. The theft involved 283 million XRP tokens, making it one of crypto’s biggest heists this year.
Talk about a delayed reaction – a 2022 breach coming back to bite in 2024. Ouch.
The attackers accessed Larsen’s private keys stored in LastPass, then moved with lightning speed. Money gone. Just like that. They scattered the funds across multiple exchanges including Binance, Kraken, and OKX, converting chunks to other cryptocurrencies. Classic laundering playbook.
Remember that LastPass breach from 2022? It exposed encrypted vaults and unencrypted metadata for approximately 25 million users. Anyone with weak master passwords was basically handing over their digital keys to the kingdom.
Larsen, unfortunately, joined the club of the thoroughly hacked.
Recovery efforts have been… let’s say underwhelming. Binance managed to freeze about $4.2 million in stolen XRP. Great. That’s less than 3% of what was taken. Most funds were already exchanged or scattered to the digital winds, making recovery a nightmare.
Ripple quickly clarified that only Larsen’s personal accounts were affected. Corporate wallets? Safe and sound. Still, the incident sent shockwaves through the crypto community, highlighting some painful truths about digital asset storage.
This isn’t an isolated incident. Security researcher Brian Krebs reported that at least $35 million has been stolen from over 150 victims thanks to the LastPass breach. The hack was initially identified by blockchain investigator ZachXBT’s research, connecting the dots between the LastPass compromise and the stolen XRP.
In December, another $5.36 million vanished in a similar attack.
The crypto community’s response? Hardware wallets. Multi-signature authentication. Cold storage. Anything but password managers, apparently. The whole fiasco has prompted a massive rethinking of security approaches. The Security Alliance estimated total losses from the incident at at least $250M in their May 2024 report.
Seems like the LastPass breach is the gift that keeps on giving – to hackers, that is. Everyone else? They’re just getting robbed.
Security experts now strongly recommend using hardware wallets for long-term cryptocurrency storage instead of keeping private keys in password managers, as they provide offline security that’s immune to remote hacking attempts.
