Crypto tycoon Chris Larsen watched helplessly as hackers swiped $150 million worth of XRP from his personal wallet in January 2024. The theft initially involved 283 million XRP tokens. Fast forward to March 2025, and those same tokens are now worth over $600 million. Talk about adding insult to injury.
The breach wasn’t random. Investigators traced the hack back to the notorious 2022 LastPass security breach, where encrypted customer password vaults were stolen alongside unencrypted metadata for 25 million users. Larsen had stored his private keys in LastPass. Big mistake.
The thieves knew exactly what they were doing. After getting their hands on Larsen’s private keys, they quickly moved the stolen funds through a maze of exchanges including Binance, Kraken, and OKX.
They didn’t stop there. The hackers leveraged decentralized exchanges and blockchain bridges to further obscure their digital footprints. Classic money laundering, crypto style.
Law enforcement finally caught a break. On March 6, 2025, U.S. authorities filed a forfeiture complaint, revealing they’d seized about $24 million of the stolen funds. The FBI and Secret Service linked this theft to several other cryptocurrency heists. Same hackers, different victims.
The ripple effects (no pun intended) spread throughout the crypto industry. Suddenly everyone was questioning their security protocols. Password managers for crypto keys? Maybe not such a brilliant idea after all. Security experts are now emphasizing that cold storage options like hardware wallets provide significantly better protection for high-value crypto assets.
The LastPass breach keeps on giving—to criminals. Since 2022, thieves have stolen at least $35 million from over 150 victims whose vaults were compromised. Security experts noted that many victims lacked sufficient password complexity, making them particularly vulnerable to attackers with offline access to encrypted vaults. As recently as December 2024, hackers swiped $5.36 million from over 40 addresses.
Larsen confirmed the hack only affected his personal accounts, not Ripple’s corporate wallets. Small consolation for a $150 million loss.
The incident serves as a stark reminder that in the crypto world, you’re always just one security mistake away from disaster. Hardware wallets and cold storage looking pretty good right about now. Experts now strongly recommend multi-signature authentication as an essential security measure for anyone holding significant cryptocurrency assets.
