A forfeiture criticism shared by blockchain detective ZachXBT revealed that the $150 million hack suffered by Ripple co-founder Chris Larsen resulted from non-public keys saved within the password supervisor LastPass, which was compromised in 2022.
The criticism particulars how the attackers accessed Larsen’s cryptocurrency wallets via stolen vault information from LastPass.
LastPass compromise
In December 2022, LastPass suffered two main information breaches, one in August and one other in November, which resulted within the theft of encrypted passwords and vault information.
In line with the criticism, Larsen — known as Sufferer 2 — saved non-public keys in LastPass’ password vault, which additionally contained safe notes, banking data, and different credentials.
In line with Larsen, he destroyed any bodily file of the non-public keys after inputting them within the password vault. A protracted, distinctive password secured entry to the net password supervisor, and units remained logged for as much as 30 days.
A minimum of 4 units had entry to the account containing the non-public keys, and solely Larsen’s members of the family had been conscious of the passcode to any of those units.
The FBI has been investigating the LastPass breach, and legislation enforcement brokers engaged on Larsen’s case have spoken with FBI brokers relating to the stolen information.
The investigation means that attackers used the compromised vault information to achieve unauthorized entry to a number of victims’ cryptocurrency accounts, digital accounts, and different delicate data.
The hack
Larsen first disclosed the hack on Jan. 31, 2024, stating that unauthorized entry had been detected in a number of of his private XRP accounts.
The attackers stole roughly 213 million XRP, valued at $112.5 million on the time. The stolen funds had been laundered via crypto exchanges, together with Binance, Kraken, OKX, Gate, MEXC, HTX, and HitBTC.
Larsen and his staff instantly notified crypto exchanges to freeze affected addresses however didn’t publicly reveal any additional particulars in regards to the hack.
ZachXBT questioned Larsen’s choice to cover the reason for the theft. He stated:
“Provided that Chris Larsen had proven primary transparency with sharing their findings for the basis trigger previous to this or had helped set up a category motion towards LastPass.”
