Investigation Reveals LastPass Compromise
The recent forfeiture complaint shared by blockchain detective ZachXBT sheds light on the $150 million hack suffered by Ripple co-founder Chris Larsen. The investigation found that the hack stemmed from private keys stored in the password manager LastPass, which was compromised in 2022.
LastPass Data Breaches
LastPass experienced two major data breaches in December 2022, resulting in the theft of encrypted passwords and vault data. Larsen, also known as Victim 2 in the complaint, stored private keys in LastPass’ password vault along with other sensitive information.
Larsen took measures to secure his account, including using a long, unique password to access the online password manager. However, at least four devices had access to the account containing the private keys, and only Larsen’s family members knew the passcode to these devices.
An ongoing investigation by the FBI suggests that attackers used the compromised vault data to gain unauthorized access to multiple victims’ cryptocurrency accounts and other sensitive information.
The Hack
Larsen disclosed the hack on Jan. 31, 2024, revealing that unauthorized access had been detected in several of his personal XRP accounts. The attackers stole approximately 213 million XRP, valued at $112.5 million at the time, and laundered the funds through various crypto exchanges.
Although he notified crypto exchanges so they could freeze the affected addresses, Larsen did not publicly disclose further details about the hack. This decision drew questions from ZachXBT, who criticized Larsen’s lack of transparency about the root cause of the theft.