Hacken, a leading cybersecurity firm, has uncovered evidence suggesting an inside job in the recent hacking of Ripple co-founder and chairman Chris Larsen’s personal wallets. The sophisticated breach led to the loss of 213 million XRP, amounting to $112.5 million, and has since been under the microscope for its potential implications for Ripple’s internal security protocols.
The breach, which took place on January 31, 2024, startled the crypto community not only with its scale but also with its duration—lasting an unconventional 11 hours and 11 minutes. Leading the investigation, Hacken’s Dmytro Yasmanovych provided insight into their findings: “Our team embarked on a comprehensive investigation, uncovering a network of transactions that suggest a more intricate involvement within Ripple’s own infrastructure.”
Was The Ripple Chairman’s Hacker An Insider?
The initial phase of Hacken’s analysis revealed that the funds from the compromised “red” wallet were distributed to eight different wallets before being funneled into accounts at various centralized exchanges (CEXs).
A critical piece of the puzzle was a $64 million transaction to a new address, on which Yasmanovych elaborated: “Our investigation reveals that the new address involved in a $64 million transaction is directly connected with the XRP pack of addresses and had some outgoing and incoming transactions between them. Notably, it also engages with wallets tied to the transfer of stolen funds.”
Remarkably, a large portion of the stolen funds was traced to various exchange addresses by Hacken. Among the transactions, a Kraken exchange address (rLHzPsX6oXkzU2qL12kHCH8G8cnZv1rBJh) was identified as playing a pivotal role in the movement of the stolen funds. Hacken’s investigation also brought to light the historical connections of a wallet (rU1bPM4q2rVhC73F7znm7Lt5QnYzZsV35q) with ties to XRP that predate the hacking incident.
“Interestingly, this wallet not only shares connections with the Kraken wallet used for fund funneling but also with another account involved in transferring funds to a different CEX in this incident,” Yasmanovych stated, underscoring the depth of their investigative work.
While stopping short of accusing a Ripple employee directly, the firm emphasized: “Our investigation reveals a complex network of transactions, with some leading back to XRP. In this incident, two wallets connected to XRP’s authorized wallet played key roles. It’s early for conclusions, but the story is getting more interesting.”
In response to the theft, Binance CEO Richard Teng disclosed that his exchange had managed to freeze $4.2 million worth of the stolen XRP, showcasing the crypto community’s efforts to mitigate the fallout. Hacken’s detailed account of the attacker’s strategy—splitting the stolen funds across several wallets and using intermediate wallets for transactions—paints a picture of a highly calculated operation.
At press time, XRP traded at $0.51.