8-3-2025 – American law enforcement officials have uncovered that the massive cryptocurrency theft targeting Ripple co-founder Chris Larsen stemmed from a catastrophic security breach at LastPass, the widely-adopted password management service.
The investigation, detailed in a forfeiture complaint lodged on 6 March, illuminates how cyber criminals orchestrated the theft of digital assets valued at $150 million. Blockchain investigator ZachXBT brought the matter to public attention, sharing crucial details about the sophisticated attack.
The roots of this audacious heist trace back to 2022, when LastPass suffered a devastating security compromise. Malicious actors initially gained entry through a developer’s compromised credentials, subsequently pilfering vital technical data and source code. The breach escalated when the perpetrators leveraged this access to infiltrate cloud storage systems, where they harvested encrypted password vaults and unprotected metadata affecting approximately 25 million LastPass users.
Whilst these digital vaults were ostensibly protected by encryption, security experts note that vaults secured with inadequate master passwords, or with master passwords reused across multiple platforms, remained vulnerable to brute-force attacks. The hackers expertly exploited this vulnerability to access Larsen’s private keys, facilitating the unauthorised transfer of XRP tokens, which have since quadrupled in value to exceed $600 million.
Speaking in January, Larsen acknowledged the security breach but emphasised that it exclusively impacted his personal holdings, leaving Ripple’s corporate assets untouched. He has maintained silence regarding the recent forfeiture notice.
The repercussions of the LastPass security failure continue to reverberate through the cryptocurrency sector. The Security Alliance (SEAL), a specialist crypto-focused cybersecurity consortium, estimates that related losses have surpassed $250 million as of May 2024, highlighting the far-reaching consequences of this security catastrophe.