U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto pockets in January 2024. Investigators consider hackers who breached LastPass in 2022 had been behind the assault.
Regardless of the risk actors’ efforts, regulation enforcement brokers traced $23,604,815.09 of the stolen digital belongings between June 2024 and February 2025 to the next cryptocurrency exchanges: OKX, Payward Interactive, Inc. (dba Kraken), WhiteBIT, AscendEX Know-how SRL, Ftrader Ltd (dba FixedFloat), SwapSpace LLC, and Rabbit Finance LLC (dba CoinRabbit).
A forfeiture grievance unsealed by the U.S. Justice Division yesterday and first noticed by crypto fraud investigator ZachXBT reveals that U.S. Secret Service brokers who interviewed the sufferer consider the attackers may have solely stolen the cryptocurrency utilizing non-public keys extracted by cracking the sufferer’s password vault stolen in a 2022 breach of a web-based password supervisor.
They discovered that the stolen knowledge and passwords saved in a number of victims’ password supervisor accounts had been utilized by attackers to entry “their digital accounts and steal info, cryptocurrency, and different knowledge.”
In addition they found no proof that the sufferer’s gadgets had been hacked, which factors to the decryption of the stolen on-line password supervisor knowledge as the one approach the attackers may have obtained the keys wanted to compromise the sufferer’s crypto pockets.
“The dimensions of a theft and speedy dissipation of funds would have required the efforts of a number of malicious actors, and was in keeping with the net password supervisor breaches and assault on different victims whose cryptocurrency was stolen,” the grievance reads.
“For these causes, regulation enforcement brokers consider the cryptocurrency stolen from Sufferer was dedicated by the identical attackers who carried out the assault on the net password supervisor, and cryptocurrency thefts from different equally located victims.”
Crypto theft linked to LastPass hacks
Whereas the investigators did not identify the on-line password supervisor, the grievance says that the platform was hit by “two main knowledge breaches” in August 2022 and November 2022.
This timeline aligns with safety breaches disclosed by LastPass three years in the past when the corporate stated that attackers stole supply code and proprietary technical info, in addition to buyer vault knowledge, after breaching its cloud storage.
Since then, a number of safety specialists have shared that they consider the LastPass hackers have cracked a few of the stolen vault knowledge and used the extracted non-public keys and credentials in main cryptocurrency heists.
Regardless that the investigators did not establish the sufferer, the main points match the hack and the theft of $150 million in cryptocurrency from Ripple co-founder and govt chairman Chris Larsen, which was disclosed on January 31, 2024.
ZachXBT first linked the $23 million in cryptocurrency seized this week and the hack of Larsen’s XRP pockets.
“A forfeiture grievance filed yesterday by US regulation enforcement revealed the trigger for the ~$150M (283M XRP) hack of Ripple co-founder, Chris Larsen’s pockets in Jan 2024 was the results of storing non-public keys in LastPass (password supervisor which was hacked in 2022),” he stated at the moment in a Telegram message.
A Ripple spokesperson was not instantly obtainable when BleepingComputer reached out for remark earlier at the moment.
Replace March 07, 14:40 EST: LastPass despatched the next assertion after publishing time:
Since we initially disclosed this incident again in 2022, LastPass has labored in shut cooperation with a number of representatives from regulation enforcement. To this point, our regulation enforcement companions haven’t made us conscious of any conclusive proof that connects any crypto thefts to our incident.
