A forfeiture complaint unsealed by the U.S. Justice Department yesterday and first spotted by crypto fraud investigator ZachXBT reveals that U.S. Secret Service agents who interviewed the victim believe the attackers could have only stolen the cryptocurrency using private keys extracted by cracking the victim's password vault, which was stolen in a 2022 breach of an online password manager.

"A forfeiture complaint filed yesterday by US law enforcement revealed the cause for the ~$150M (283M XRP) hack of Ripple co-founder, Chris Larsen's wallet in Jan 2024 was the result of storing private keys in LastPass (password manager which was hacked in 2022)," he said today in a Telegram message.

"The scale of a theft and rapid dissipation of funds would have required the efforts of multiple malicious actors, and was consistent with the online password manager breaches and attack on other victims whose cryptocurrency was stolen," the complaint reads. Investigators also discovered no evidence that the victim's devices were hacked, which points to the decryption of the stolen online password manager data as the only way the attackers could have obtained the keys needed to compromise the victim's crypto wallet.

Even though the investigators didn't identify the victim, the details match the hack and the theft of $150 million in cryptocurrency from Ripple co-founder and executive chairman Chris Larsen, which was disclosed on January 31, 2024.

Since then, multiple security experts have shared that they believe the LastPass hackers have cracked some of the stolen vault data and used the extracted private keys and credentials in major cryptocurrency heists. While the investigators didn't name the online password manager, the complaint says that the platform was hit by "two major data breaches" in August 2022 and November 2022.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 07 Mar 2025 19:15:31 +0000