Fears that the Ripple network was compromised by a hacker earlier today rippled through the cryptocurrency community as $112.5 million of its native token, XRP, was stolen and laundered through various crypto exchanges. Luckily for the XRP holders and the crypto sphere in general, it turns out that it was a one-off attack against one of the network’s co-founders, Chris Larsen.
Over $112 million worth of XRP was reportedly stolen from Larsen’s personal holdings and rapidly sent to external wallets where it was then split among various wallets and exchanges in an attempt to launder the funds. The news sent XRP’s price tumbling by nearly 6% amid concerns that the incident could signal a far-reaching breach affecting the entire Ripple blockchain.
213 Million XRP Tokens Are Now in the Hands of a Hacker
The eye-watering hack first came to light thanks to blockchain analysis conducted by ZachXBT, a popular Twitter sleuth and independent investigator known for uncovering multiple massive crypto fraud schemes. ZachXBT tweeted that on-chain activity showed that 213 million XRP tokens worth $112.5 million at current prices mysteriously exited a Ripple-linked wallet.
It appears @Ripple was hacked for ~213M XRP ($112.5M)
So far the stolen funds have been laundered through MEXC, Gate, Binance, Kraken, OKX, HTX, HitBTC, etc pic.twitter.com/HKGYsLQeMv
— ZachXBT (@zachxbt) January 31, 2024
The tokens were quickly distributed across eight smaller wallets in parallel before hitting major exchanges like Binance, OKX, and Kraken within minutes. This laundering tactic makes the task of tracking and freezing the stolen funds more difficult for Ripple, authorities, and the exchanges themselves. However, once notified, several exchanges have managed to halt transfers and lock down some of the ill-gotten proceeds.
Ripple’s Larsen Confirms Breach of Private Wallets
Following ZachXBT’s online disclosure, Ripple’s co-creator Chris Larsen confirmed the breach on X (Twitter) where he affirmed there was “unauthorized access to a few of my personal XRP accounts”.
Yesterday, there was unauthorized access to a few of my personal XRP accounts (not @Ripple) – we were quickly able to catch the problem and notify exchanges to freeze the affected addresses. Law enforcement is already involved. https://t.co/T3HtKSlzLg
— Chris Larsen (@chrislarsensf) January 31, 2024
Larsen highlighted that Ripple acted swiftly upon detecting the breach, contacting exchanges and law enforcement agencies within hours. It is unclear when Ripple noticed the breach and how long it went until they notified these third parties.
However, the fact that the perpetrators managed to withdraw over $112 million worth of XRP before any alarms were raised appears to be just one of many other concerns stemming from the incident and voiced by Larsen’s followers on X.
Some users argue that Larsen’s statement lacked clarification of many important issues such as when the company found out that the breach occurred, why the co-founder owns so many XRP tokens, and how much XRP he controls given that he mentioned that only a “few” of his wallets were hacked, despite the fact that the amount the hacker siphoned was staggering.
“a few of my personal addresses”
damn you didn’t need to flex like that.
— Pop Punk (@PopPunkOnChain) January 31, 2024
Moreover, the revelation that a Ripple top executive failed to adequately safeguard his XRP wealth may spark doubts regarding the blockchain company’s reliability and security standards.
Where Did the Stolen XRP Tokens Go?
While Ripple says it is collaborating closely with authorities to trace and potentially reclaim the stolen tokens, the perpetrator(s) remain unidentified. The hacking party utilized a common laundering technique designed to obfuscate the money trail.
After withdrawing the XRP in bulk from what was likely Larsen’s main wallet, the funds flowed through eight other newly generated wallets in rapid sequence. From there, each account split the balance into smaller chunks over multiple quick transactions.
According to the forensic analysis conducted by ZachXBT, this intermediary phase lasted barely fifteen minutes before the eighth account began transferring XRP directly to major cryptocurrency trading platforms.
At Least $100M Have Been Stolen from Crypto Protocols in the First Month of 2024
This latest seemingly successful hack of a prominent figure in the crypto space is once again sparking doubts about the alleged security of blockchain companies.
Just a few weeks into 2024, the number of massive crypto hacks is already on the rise. Only 2 days after the year started, Orbit Chain, a cross-chain bridge, reportedly suffered an $82 million hack. These hacks generally affect a wide swathe of people, not just one incredibly rich founder like Larson.
The company confirmed that it contacted Korean law enforcement agencies to be assisted in its response.
On 25 January, they published their official statement about the incident. The company informed that a couple of developers with deep access to the firm’s systems and IT infrastructure left open some vulnerabilities that hackers later on exploited. These weaknesses included making the company’s firewall “vulnerable” to cyberattacks.
None of the assets that were extracted from the protocol have been recovered thus far. The company went as far as to offer an $8M bounty to those who provided critical information to catch the attackers. It appears that none of these efforts have yielded fruit.
Apart from the Orbit Chain incident, others of a relatively smaller scale have happened thus far in 2024 including a $4.5 million hack involving Radiant Capital, a cross-chain lending protocol.
Meanwhile, Socket Protocol, a blockchain interoperability protocol, also suffered an attack that effectively drained $3.3 million. More than 200 crypto wallets were affected by the incident. Socket reportedly offered those who were impacted by the breach a full reimbursement on their lost assets.
Market Participants Punish XRP Amid Security Concerns
The fallout from the news has already impacted XRP’s market valuation, with prices sinking by 4% in early trading following Larsen’s confirmation of the breach. The sudden price drop reflects investors’ anxiety despite the implicit assurance provided by Ripple that its own systems remain uncompromised.
The blockchain is now facing tough questions about why such enormous XRP transactions were not flagged in real-time and how its security apparatus failed to protect its co-founder from the breach.
Until additional facts about the root cause and perpetrator(s) emerge from law enforcement investigations, investors may steer clear of XRP though its price has mostly recovered from its dip earlier today. The further time passes without the team providing additional clarification to the extent, nature, implications, and remedies resulting from the incident, the more the asset price could be punished.