Key Takeaways
- The court filing indicates that a San Francisco resident reported on January 30, 2024, that an unauthorized actor had transferred approximately $150 million worth of crypto from their accounts.
- The complaint does not explicitly name LastPass but references an online password manager, stating that the victim had stored private keys in a secure note within the service.

Chris Larsen, co-founder of Ripple, lost 283 million XRP, worth approximately $150 million, in a sophisticated hacking incident that took place in January 2024. New information has emerged linking the breach to compromised private keys stored in LastPass, a password manager that suffered two major data breaches in 2022.
A recently filed U.S. law enforcement forfeiture complaint, first shared by blockchain investigator ZachXBT, details how the attackers gained access to the stolen funds and quickly moved them across multiple wallets and exchanges before Larsen’s team detected the unauthorized transactions.
At the time of the hack, Larsen publicly acknowledged the incident on social media, clarifying that the affected wallets were his personal holdings and did not belong to Ripple. He said that his team had acted swiftly to notify exchanges and freeze the compromised accounts while law enforcement launched an investigation.
However, as soon as the forfeiture complaint became public, XRP’s price dropped by over 7%, reflecting the market’s concerns about the security of high-profile crypto holdings. Data from CoinGecko shows that XRP was trading at $2.41 per token following the revelation.
The court filing indicates that a San Francisco resident reported on January 30, 2024, that an unauthorized actor had transferred approximately $150 million worth of cryptocurrency from their accounts.
The complaint does not explicitly name LastPass but references an online password manager, stating that the victim had stored private keys in a secure note within the service.
It further outlines that LastPass suffered data breaches in August and November 2022, during which hackers stole encrypted vault data and user credentials. While LastPass initially claimed that encrypted vaults remained secure, later reports suggested that some vaults had indeed been compromised, exposing critical financial assets.
The hack has drawn renewed attention to the ongoing fallout from the LastPass breach, which has already contributed to significant crypto-related losses. The Security Alliance (SEAL), a cybersecurity firm specializing in digital asset protection, estimated in December 2024 that at least $250 million had been stolen from LastPass users as a result of the 2022 incident. This latest theft only adds to growing concerns over the risks of relying on cloud-based password managers to store sensitive financial information.
Beyond the immediate financial loss, the incident has also revived speculation about Larsen’s past XRP transactions. On-chain data from Arkham Intelligence reveals that in January 2025, a $109 million XRP transfer was executed, with the funds distributed across exchanges including Coinbase, Bitstamp, and Bybit. This movement triggered speculation about whether Larsen had lost access to some of his holdings or transferred control of them.
Blockchain investigator ZachXBT also pointed out that in September 2020, Larsen had moved 500 million XRP—worth $115 million at the time—to an unknown destination. While Larsen later stated that the funds had been sent to NYDIG for safekeeping, members of the crypto community have long suspected that the transfer could have been a covert sale, though no concrete evidence has ever supported this theory.
Despite the significant loss from the January hack, Larsen’s remaining holdings are substantial. He still possesses over 2.7 billion XRP, valued at approximately $7.18 billion, and many of these wallets have been inactive for six to seven years.
The latest developments come at a time when digital assets are increasingly under regulatory scrutiny, particularly following Donald Trump’s recent announcement of a U.S. strategic crypto reserve that would include XRP, along with Bitcoin, Ethereum, Solana, and Cardano.
Larsen has yet to comment publicly on the forfeiture notice, and Ripple has not issued an official statement regarding the breach.