- Ripple co-founder loses $150M in hack tied to LastPass breaches.
- Hackers stole 213M XRP, laundered through top crypto exchanges.
- Shows risks of storing crypto keys in centralized password managers.
The forfeiture complaint states that Ripple co-founder Chris Larsen lost $150 million in a hack. Blockchain investigator ZachXBT attributed the theft to private keys exposed in LastPass, one of the platforms that faced massive hacking attacks in 2022. The attackers used data stolen from the vault, leading to one of the largest individual losses in crypto.
Don't store private keys in password managers!
— Jameson Lopp (@lopp) March 7, 2025
A forfeiture complaint filed yesterday revealed the ~$150M (283M XRP) hack of Ripple co-founder @chrislarsensf's wallet in Jan 2024 was the result of storing keys in LastPass (compromised in 2022).
H/T @zachxbt pic.twitter.com/81NS8mp7a8
In December 2022, there were two major breaches of LastPass, the first in August and the second in November. These breaches resulted in the theft of passwords and secured vaults belonging to different users. Larsen, “Victim 2,” had his personal keys, in addition to other sensitive information such as notes and bank details, inside the LastPass database. He then destroyed all the physical copies of the keys and relied on the account password to retrieve them.
Ripple Co-Founder’s Crypto Loss
Larsen’s LastPass login was available on only four devices, all of them protected by passwords known only to family members. Larsen first disclosed the hack on Jan. 31, 2024. The attackers were able to penetrate the vault and make off with about 213 million XRP, worth over $112.5 million at the time.
The stolen tokens were then laundered through large crypto trading platforms such as Huobi, Binance, Kraken, OKX, Gate, MEXC, HTX, and HitBTC. Although Larsen and his team contacted these exchanges to freeze the compromised addresses, the reason for the breach was not made public.
The FBI is examining the LastPass breaches, and law enforcement agents are cooperating on Larsen’s case. The attackers were able to use the stolen vault data to achieve their objectives, including unauthorized access to cryptocurrency accounts and other information. ZachXBT also expressed anger with Larsen and questioned his decision to hide the cause of the theft.
“Only if Chris Larsen had shown basic transparency with sharing their findings for the root cause prior to this or had helped organize a class action against LastPass.”
This scenario demonstrates that storing private keys in a single password database can be dangerous. Larsen’s case suggests that the security of cryptocurrency holdings should be improved.