U.S. authorities have successfully seized over $23 million in cryptocurrency associated with a significant theft amounting to $150 million from a Ripple crypto wallet in January 2024. Investigations suggest that the perpetrators of this cybercrime are linked to the 2022 breach of LastPass, an online password management service.
Between June 2024 and February 2025, law enforcement agents meticulously traced $23,604,815.09 of the stolen digital assets to various cryptocurrency exchanges, including OKX, Payward Interactive, Inc. (dba Kraken), WhiteBIT, AscendEX Technology SRL, Ftrader Ltd (dba FixedFloat), SwapSpace LLC, and Rabbit Finance LLC (dba CoinRabbit).
Investigation Details: Breach and Cryptocurrency Theft
A forfeiture complaint recently unsealed by the U.S. Justice Department reveals critical findings regarding how the theft occurred. According to the complaint, U.S. Secret Service agents who interviewed the victim assert that the attackers likely used private keys obtained by cracking the victim’s password vault, which had been compromised during LastPass’s data breach in 2022.
Investigators also found that data and passwords extracted from multiple victims’ password manager accounts were subsequently used by the attackers to access electronic accounts and steal information, cryptocurrency, and other sensitive data. The investigation found no evidence that the victim’s devices were directly compromised, which supports the theory that decrypting the stolen LastPass vault data was the only way the attackers could have obtained the keys needed to access the victim’s crypto wallet.
The complaint mentions, "The scale of the theft and the rapid dissipation of funds would have necessitated the involvement of multiple malicious actors, indicative of the hacks on the password manager and additional victims whose cryptocurrency was similarly stolen." Investigators believe that the cryptocurrency theft from the victim is directly attributable to the same attackers responsible for the LastPass breach.
Connection to LastPass Breaches
Although the complaint does not explicitly name the online password manager involved, it notes that the platform experienced two major data breaches in August and November 2022. This timeline is consistent with disclosures from LastPass, which reported that attackers had stolen source code, proprietary information, and customer vault data by breaching its cloud storage.
In the aftermath of the breaches, multiple cybersecurity experts have speculated that the same actors behind the LastPass intrusions have exploited the compromised vault data to facilitate substantial cryptocurrency heists. The details surrounding the incident align closely with the hack and subsequent theft of $150 million in cryptocurrency from Ripple co-founder and executive chairman Chris Larsen, which was revealed on January 31, 2024.
Analysis and Expert Commentary
ZachXBT, a noted crypto fraud investigator, was the first to establish a connection between the seized $23 million in cryptocurrency and the hack of Chris Larsen’s XRP wallet. He elaborated on his findings in a Telegram message stating, “A forfeiture complaint filed yesterday by U.S. law enforcement revealed that the ~$150M (283M XRP) hack of Ripple co-founder Chris Larsen’s wallet in January 2024 was a direct result of storing private keys in LastPass, which was hacked in 2022.”
Asked about the renewed concerns, LastPass was not immediately available for comment, but the company later issued a statement: "Since we initially disclosed this incident back in 2022, LastPass has worked in close cooperation with multiple law enforcement representatives. To date, our partners in law enforcement have not provided conclusive evidence linking any crypto thefts to our incident."
Best Practices in Cybersecurity
The vulnerabilities exposed by this incident underscore the critical importance of robust cybersecurity practices. Users are advised to:
- Utilize Dedicated Hardware Wallets: For cryptocurrency holdings, using hardware wallets can significantly reduce the risk of online breaches.
- Implement Strong, Unique Passwords: Password managers can be beneficial, but they should not be the sole security layer. Employing strong, unique passwords for different accounts mitigates risk.
- Enable Two-Factor Authentication (2FA): Utilizing 2FA adds an additional layer of security that is crucial in protecting sensitive accounts.
- Stay Informed About Security Breaches: Regularly monitor announcements from your password manager and other services for any potential security incidents.
- Educate Yourself on Phishing Scams: Being aware of the tactics used by cybercriminals can help users avoid falling victim to scams.
For more in-depth insights into mitigating cybersecurity risks and maintaining the integrity of your digital assets, stay engaged with ongoing developments in the field.