Crypto investigator ZachXBT has brought to light a major theft involving Ripple co-founder Chris Larsen, who lost approximately $150 million worth of XRP (283 million tokens) in January 2024. The incident arises from the 2022 data breaches of LastPass, a popular password manager.
A recently surfaced legal document provides detailed insights into how the breach led to the theft of Larsen’s private key.
Details of the Incident
According to the document, Larsen (reference to as “Victim 2”) stored his cryptocurrency wallet’s private key in LastPass’s password vault. After inputting the private key into the vault, he destroyed any physical copies to ensure security.
Larsen had set a long, unique password for his LastPass account and was confident in its safety.
However, attackers exploited vulnerabilities exposed during two major LastPass breaches in August and November 2022. These breaches allowed hackers to steal encrypted customer vaults and unencrypted metadata.
Despite LastPass’s claims that strong master passwords would protect encrypted data, cybercriminals managed to decrypt Larsen’s vault and access his private key.
Key Points from the Legal Document
- Four devices belonging to Larsen had access to his LastPass account containing the private key.
- Only Larsen’s partner knew the passcode to access his cryptocurrency wallets.
- The stolen data from the LastPass breaches was used by attackers to illegally access victim’s accounts, including cryptocurrency wallets.
FBI Investigation
The Federal Bureau of Investigation (FBI) has been actively investigating the fallout from the LastPass breaches. Law enforcement agents have confirmed that stolen data from victims’ password manager accounts has been used to unauthorized access and theft of cryptocurrencies and other sensitive information.
Impact on LastPass
The 2022 breaches have left a lasting impact on LastPass’s reputation. Despite implementing new security measures, trust in the platform has eroded significantly. Many users have migrated to alternative password managers or opted for more secure storage methods.
Also Read: WazirX Faces FIU Investigation Amid Fraud Allegations & Security Breaches
