Remember that massive $150 million crypto heist targeting Ripple’s co-founder, Chris Larsen? Well, it seems we might finally know what went wrong. Cybercriminals reportedly gained access by exploiting a major security flaw: Larsen’s private keys were apparently stored in the popular password manager, LastPass.

This revelation comes from none other than crypto investigator ZachXBT, who pointed to a recently filed forfeiture complaint from the US government. This legal document, submitted in California federal court, details the seizure of over $23.6 million in cryptocurrencies recovered from exchanges like OKX, Kraken, and others.

According to ZachXBT in a post, the cause of this huge theft had been kept under wraps by Chris Larsen himself, until now.

Back in January 2024, when the attack happened, hackers made off with a staggering 283 million XRP tokens, roughly $150 million worth. At the time, ZachXBT was already on the case, tracking the stolen funds as they were allegedly being laundered through various exchanges, including “MEXC, Gate, Binance, Kraken, OKX, HTX, and HitBTC.”

Read more: Genesis-era XRP unlocked, sent to exchange after Trump endorsement

Delving into the forfeiture complaint, it appears a person associated with Larsen, responsible for managing his crypto wallets, made a critical error. They stored private keys – the keys to the kingdom in crypto – within an online password manager. Unfortunately, this password manager reportedly suffered breaches in August and November of 2022.

Interestingly, a timeline detailing hacks against LastPass lines up with the dates in the complaint. The legal document alleges that data and passwords stolen during these earlier LastPass breaches “were used to illegally, and without authorization, access the victims’ electronic accounts and steal information, cryptocurrency, and other data.”

Acting on warrants issued by magistrate court judges in Northern California, authorities have now seized the stolen cryptocurrency. The complaint further states that these recovered funds are intended to be “forfeited to the US government for proper disposition.”

Have a tip? Drop us a line via email or ProtonMail. Stay up-to-date with insightful news by following us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.