Confiscation complaints Share Blockchain detective ZACHXBT has revealed that the $150 million hack that Ripple co-founder Chris Larsen is suffering is the result of a private key stored in password manager LastPass, which was compromised in 2022.
The complaint details how the attacker accessed Larsen's cryptocurrency wallet via vault data stolen from LastPass.
lastPass Compromise
In December 2022, LastPass suffered two major data breaches. One occurred in August and the other in November, stolen encrypted passwords and vault data.
According to the complaint, Larsen is called Victim 2, but his private key is stored in LastPass password vault, which also includes secure memos, banking information and other qualifications.
According to Larsen, he destroyed the physical record of his private key after entering it into a password vault. Long unique password protected access to the online password manager, and the device remained recorded for up to 30 days.
At least four devices had access to an account that contained a private key and were aware of the passcode for one of these devices.
The FBI is investigating a LastPass violation, and the law enforcement agent working on the Larsen case spoke with FBI agents regarding the stolen data.
Investigations suggest that attackers will use compromised vault data to gain unauthorized access to cryptocurrency accounts, electronic accounts, and other sensitive information of multiple victims.
hack
Larsen first disclosed the hack on January 31, 2024, saying that unauthorized access was detected in some of his personal XRP accounts.
The attacker stole around XRP 213 million, which was then valued at $112.5 million. The stolen funds were washed through crypto exchanges, including Binance, Kraken, Okx, Gate, MEXC, HTX, HITBTC.
Larsen and his team immediately notified the crypto exchange to freeze the affected addresses, but did not publicly disclose any details about the hack.
Zachxbt I was asked Larsen's decision to hide the cause of the theft. He said:
“If Chris Larsen demonstrated basic transparency by sharing previous root cause findings, or helped organize a class action lawsuit against LastPass.”
It is mentioned in this article
