The cryptocurrency market has just witnessed a shocking event when Chris Larsen, co-founder of Ripple, became the victim of a $150 million XRP hack in January 2024. After more than a year, the real reason behind this incident has finally been revealed thanks to documents from US authorities and the efforts of famous on-chain detective ZachXBT. Surprisingly, the culprit was not a sophisticated attack directly on Larsen's wallet, but originated from a security vulnerability in the password management application LastPass - a name familiar to millions of users worldwide.
Cause of the Hack: Private Key Saved in LastPass
According to information released on March 7, 2025, the hack that caused Chris Larsen to lose 283 million XRP (equivalent to 150 million USD at that time) originated from his storing private keys in LastPass. This is an online password management application that was hacked in 2022, leaving serious consequences for a series of users, including cryptocurrency investors like Larsen.
“A forfeiture complaint filed by U.S. law enforcement on March 7 confirmed that Chris Larsen’s $150 million XRP hack was caused by a leak of private keys stored in LastPass, a platform hacked in 2022,” ZachXBT shared on Telegram. This is the first time this detail has been made public, as Larsen previously admitted to “unauthorized access” to his personal XRP wallet without disclosing the specific cause.
On January 31, 2024, Larsen posted a message #Twitter stating that he had discovered the incident and quickly coordinated with exchanges to freeze the affected wallet addresses. He stressed that this was a personal matter, not related to Ripple. However, the initial loss was estimated by ZachXBT at $112.5 million (213 million XRP), but today, with XRP prices soaring, the stolen 283 million XRP is worth around $708 million.
The Role of ZachXBT and Court Documents
ZachXBT, a well-known on-chain detective in the crypto community, played a key role in unraveling the case, spotting unusual transactions involving Larsen’s wallet as early as late January 2024 and alerting the community. Court documents later confirmed that a San Francisco resident (believed to be Larsen) reported a loss of $150 million in cryptocurrency on January 30, 2024. While the document did not directly name LastPass, the description of an “online password manager hacked in 2022” helped ZachXBT connect the dots, suggesting that #lastpass was the source of the attack.
LastPass: Security Vulnerability Threatens the World
LastPass was once a trusted password manager, but two hacks in August and November 2022 have shaken its reputation. Hackers stole sensitive data including encrypted passwords, private keys, API tokens, and multi-factor authentication (MFA) codes. The repercussions of these attacks extend beyond 2022, with a series of hacks involving LastPass users.
According to ZachXBT statistics:
In late 2023, a hacker group called “LastPass threat actor” stole $5.36 million from more than 40 crypto wallets.
In October 2023, another incident caused $4.4 million in damage.
In February 2024, an additional $6.2 million was lost due to this vulnerability.
Chris Larsen's $150 million XRP hack is considered the largest involving LastPass, raising serious questions about the security of online password managers when storing important information such as private keys.
Expensive Lessons For Crypto Investors
The case of Chris Larsen is not only a warning to prominent individuals in the cryptocurrency industry, but also a lesson for all investors. Storing private keys or seed phrases in online applications like LastPass is a huge risk. Although LastPass promises to keep your data secure, the reality is that hackers can still exploit vulnerabilities to access user information.
To protect digital assets, experts recommend:
Don't store private keys online: Avoid using password managers or cloud services to store your private key/seed phrase.
Use a cold wallet: Hardware wallets like Ledger or Trezor are a safer option for protecting cryptocurrencies.
Security updates: Monitor security vulnerabilities from the services you use to promptly change your storage methods.
Conclusion: Crypto Investment – High Returns, High Risks
The $150 million hack of Chris Larsen $XRP is a clear example that even the industry's top figures are not immune to security risks. For Binance Square users, this event is a reminder that protecting personal assets should be a top priority. Investing in cryptocurrencies offers attractive profit potential, but also comes with significant risks such as price volatility, security vulnerabilities, and lack of regulation. Always do your research and take safety measures before entering this market. #anhbacong
Note: This article is published on Binance Square and is not intended to solicit investment or promote any other platform. Crypto investments are high risk, please consider carefully before participating.