Key Highlights
- $150 Million XRP Theft: Chris Larsen lost 283 million XRP, valued at $150 million, in January 2024, linked to a 2022 LastPass breach that exposed his private keys, as revealed by ZachXBT citing U.S. law enforcement on March 7, 2025.
- LastPass Fallout: The hack, part of a $250 million wave of LastPass-related crypto losses, saw stolen XRP laundered through exchanges like Binance and Kraken, despite Larsen’s swift action to freeze addresses, per his 2024 statement.
- Larsen’s Remaining Stake: Despite the loss and $109 million in subsequent XRP transfers in January 2025, Larsen retains over 2.7 billion XRP—worth $7 billion—amid rising focus on XRP in Trump’s U.S. crypto reserve plans.
Ripple co-founder Chris Larsen suffered a staggering $150 million loss of XRP in January 2024, a theft now traced to a 2022 security breach at password manager LastPass, according to a U.S. law enforcement forfeiture complaint cited by on-chain sleuth ZachXBT on March 7, 2025. The breach, which compromised private keys stored in Larsen’s LastPass account, led to the theft of 283 million XRP tokens—valued at $112 million at the time—marking one of the largest individual crypto heists in recent years. The revelation, detailed by ZachXBT on X, underscores persistent vulnerabilities in third-party security tools as the crypto industry navigates a shifting regulatory landscape.
The attack unfolded in late January 2024, with hackers swiftly moving the stolen XRP to exchanges including Binance, Kraken, OKX, Gate, HTX, HitBTC, and MEXC for laundering. Larsen confirmed the breach on January 31, 2024, clarifying it targeted his personal accounts, not Ripple’s corporate wallets. “We caught it quickly and notified exchanges to freeze the affected addresses,” he stated then, noting law enforcement’s involvement. However, the LastPass connection—unreported until now—highlights how the 2022 data leak, which exposed encrypted user data, continues to haunt victims years later through decryption efforts by persistent attackers.
ZachXBT, who first flagged the hack in 2024, revealed that the LastPass threat actor has since caused $250 million in total crypto losses across multiple incidents, including a $5 million theft from over 40 addresses just before Christmas 2024. For Larsen, the January hit was a significant blow, though his remaining XRP holdings remain substantial. Blockchain data shows addresses linked to him still hold over 2.7 billion XRP—worth more than $7 billion as of March 2025—despite the loss and subsequent transfers of $109 million in XRP to exchanges like Coinbase, Bitstamp, and Bybit in January alone.
The timing of the disclosure coincides with heightened scrutiny of U.S.-based crypto assets following President Donald Trump’s announcement of a Strategic Crypto Reserve last week. XRP, a key player in Ripple’s payment protocol, has been a focal point, with its price reacting to both regulatory developments and high-profile incidents like Larsen’s hack. On X, @BlockchainCult called it a “wake-up call for security,” while @BecauseBitcoin tied it to broader LastPass fallout, amplifying concerns among Web3 users about centralized storage risks.
Larsen’s ordeal isn’t isolated. The 2022 LastPass breach, where hackers accessed encrypted vaults, has fueled a string of crypto thefts as perpetrators gradually crack user data. In this case, the stolen 283 million XRP—adjusted to $150 million in the latest report due to price fluctuations—represents a significant chunk of Larsen’s personal fortune, though his 2.7 billion XRP reserve underscores his enduring stake in Ripple’s ecosystem. Ripple itself remained unscathed, with CEO Brad Garlinghouse reiterating in 2024 that “no Ripple-managed wallets were compromised.”
For the crypto community, the incident reignites debates over security practices. Storing private keys in a cloud-based service like LastPass, even encrypted, proved a critical misstep for Larsen, a fintech veteran. As the U.S. pushes its crypto reserve agenda, with Bitcoin at $92,000 and XRP under $3, the hack serves as a stark reminder of individual vulnerabilities amid institutional adoption. While Larsen’s quick response limited further damage, the LastPass link—exposed over a year later—casts a long shadow over Web3’s trust in third-party tools.
Disclaimer: TrueToCrypto.com (the “Website”) is for general informational purposes only and is obtained from independent sources that are believed to be reliable. However, TrueToCrypto.com, its owners, affiliates, officers, employees, and agents (collectively, “We,” “Us,” or “Our”) make no representations or warranties, express or implied, as to the accuracy, completeness, timeliness, reliability, or suitability of the information contained on or accessed through this Website. Further read Disclaimer.
