The shocking theft of 283 million XRP from Ripple co-founder Chris Larsen’s personal accounts in January 2024 has now been linked to a password manager breach, according to a newly revealed forfeiture complaint from U.S. law enforcement. Crypto investigator ZachXBT disclosed the findings on March 7, sharing that the security failure stemmed from Larsen storing private keys in LastPass, a password manager that was hacked in 2022. Until now, Larsen had not publicly confirmed the cause of the breach.

According to the complaint, Larsen’s private keys were stored in LastPass before being deleted. However, four devices were enabled with the password manager, which had a long and complex password. LastPass suffered two major breaches in 2022—one in August and another in November—where attackers stole encrypted passwords and password vault data. The FBI believes this compromised information was later exploited to steal cryptocurrency and other assets.

At the time of the theft, the stolen XRP was worth approximately $150 million. By March 7, its value had surged to $683 million. Following the hack, blockchain investigator ZachXBT tracked the stolen tokens being laundered across several crypto exchanges, including Binance, Kraken, OKX, and others.

This isn’t the first time LastPass has been linked to crypto thefts. In December 2024, hackers used stolen data to drain an additional $45 million from crypto holders. Security experts warn that seed phrases and private keys stored on LastPass before 2023 remain at risk.

The incident highlights the dangers of storing private keys online. Experts advise writing them down and keeping them in a secure location or using offline storage options like hardware wallets. While password managers can help generate strong passwords for crypto accounts, storing private keys in them poses a significant security risk.