A 150 million dollars flight targeting the co-founder of Ripple, Chris Larsen, was traced to a security forfeiture involving the Lastpass password manager, according to a confiscation complaint filed by the American police on March 6, reported by Blockchain Sleuth Zachxbt.
Zachxbt shared that the complaint detailed how the private keys to Larsen – or the code to access his tokens assets – were stored in Lastpass, the widely used password manager who underwent a major violation in 2022.
At the time, pirates stole the source code and technical data by compromising the account of a developer. In November of the same year, they used this access to infiltrate a cloud storage system, flying encrypted customer password chests and unacyptated metadata for around 25 million users.
Although the “vaults” have been encrypted, weak or reused masters passwords could be forced brutal, exposing stored data.
The pirates exploited this vulnerability, accessing the keys to Larsen and siphoning the XRP, worth 150 million dollars at the time of the flight and more than $ 600 million at Saturday prices.
“A confiscation complaint filed yesterday by the forces of the American law revealed the cause of the hacking of ~ $ 150 million (283 m XRP) of the co-founder of Ripple, the wallet of Chris Larsen in January 2024 was the result of the storage of private keys in its telegrading (manager of passwords which was hacked in 2022)” of telegram.
“So far, Chris Larsen had not publicly disclosed the cause of the flight,” he added.
Larsen confirmed the incident in January, where he clarified that hacking only affected his personal accounts, not on Ripple’s business portfolios. He has not yet publicly commented on the notice of confiscation.
The fallout from the hacking of LastPass 2022 have been important and remain in progress. In December, the Security Alliance (SEAL), a team of cybersecurity experts, focused on the cryptography market, said that crypto losses linked to the violation had affected at least $ 250 million in May 2024.
