The theft of 283 million XRP from Ripple co-founder Chris Larsen’s personal accounts in January 2024 has been linked to the LastPass security breach, according to a recent forfeiture complaint filed by U.S. law enforcement.
The revelation, first highlighted by blockchain investigator ZachXBT, confirms that attackers gained access to Larsen’s private keys due to compromised credentials stored in the password management service.
The 2022 LastPass hack remains one of the most damaging security incidents in the crypto space, with stolen encrypted password vaults continuing to resurface in subsequent attacks.
Larsen has confirmed that the attack was isolated to his personal accounts and did not impact Ripple’s corporate holdings.
According to the forfeiture complaint, Larsen’s private keys were stored within LastPass before being deleted, but not before they were compromised. The breach involved attackers gaining access to encrypted vault data and exploiting security weaknesses to extract sensitive information, including stored crypto credentials.
Blockchain investigator ZachXBT, who traced the stolen XRP across multiple exchanges, noted that up until this point, Larsen had not publicly disclosed how the attack was carried out.
The stolen XRP, worth approximately $150 million at the time, was quickly moved through various crypto exchanges, including Binance, Kraken, OKX, MEXC, and Gate.io. Some exchanges were able to freeze portions of the stolen funds, but a significant amount had already been laundered
A Growing Pattern of Crypto Thefts
The LastPass breach has been linked to a broader pattern of ongoing crypto thefts. In December 2024, just before Christmas, attackers associated with the breach stole an additional $45 million from compromised accounts. Cybersecurity experts have warned that any private keys or seed phrases stored in LastPass before 2023 may still be at risk, given that stolen vaults remain in circulation among cybercriminals.
The 283 million XRP stolen in January 2024 has since surged in value to over $680 million as of March 2025, highlighting the scale of the loss. The attack has reignited discussions around crypto security best practices, particularly regarding the risks of storing private keys in online password managers.
