U.S. officials have seized over $23 million in cryptocurrency linked to a massive $150 million theft from a Ripple crypto wallet in January 2024.
Investigators believe the hackers responsible for this attack were the same ones behind the 2022 LastPass breach.
Between June 2024 and February 2025, law enforcement tracked the stolen funds to multiple cryptocurrency exchanges, including OKX, Kraken, WhiteBIT, AscendEX, FixedFloat, SwapSpace, and CoinRabbit.
A newly unsealed forfeiture complaint from the U.S. Justice Department, first noted by crypto fraud investigator ZachXBT, details how Secret Service agents interviewed the victim. They concluded that the attackers likely stole the cryptocurrency by decrypting private keys stored in a password vault compromised during the 2022 online password manager breach.
Investigators found that the stolen data included passwords from multiple victims’ accounts. Hackers used this information to break into digital wallets, steal funds, and access sensitive information. However, there was no evidence that the victim’s devices had been hacked directly, reinforcing the theory that attackers used decrypted password manager data to access the stolen crypto.
Authorities noted that the scale of the theft and the speed at which the stolen funds were moved suggest multiple hackers were involved. This method matches other cryptocurrency thefts linked to password manager breaches.
Possible Link to LastPass Breach
While the investigators didn’t name the password manager involved, the complaint mentions two major breaches in August and November 2022. These align with security incidents LastPass reported, where hackers stole source code, proprietary technical details, and customer vault data.
Since then, cybersecurity experts have warned that LastPass hackers may have cracked stolen vault data and used the extracted private keys to orchestrate major cryptocurrency heists.
Ripple Co-Founder’s Wallet Hack
Although the victim was not officially named, the details match the theft of $150 million from the XRP wallet of Ripple co-founder Chris Larsen, which was revealed on January 31, 2024.
Crypto researcher ZachXBT connected this week’s $23 million seizure to Larsen’s stolen XRP, stating, “A forfeiture complaint filed by U.S. law enforcement revealed that the ~$150M (283M XRP) hack of Ripple co-founder Chris Larsen’s wallet in January 2024 was due to private keys being stored in LastPass, which was hacked in 2022.”
Ripple has not yet commented on the latest developments.
(via: BleepingComputer)
Bijay Pokharel