Ripple co-founder was robbed of $112 million worth of XRP tokens

On January 31, 2024, Ripple co-founder and executive chairman Chris Larsen confirmed research by ZachXBT about the theft of XRP funds from his personal addresses.

Ripple Labs, Inc. is a California company founded in 2012. It specializes in developing technologies for financial services, in particular blockchain technology and digital payment solutions. Ripple’s key product is the XRP cryptocurrency.

A post by Chris Larsen confirming the theft of his tokens. Source: https://twitter.com/chrislarsensf/status/1752702297971532258

ZachXBT is known in the cryptocurrency community as an anonymous researcher and whistleblower, specializing in investigations of fraud, theft and various dubious projects in the world of cryptocurrencies and blockchain.

Thus, in the first month of 2024* we faced the largest theft of funds this year (and in general, by the standards of 2023).

* Of those which are known or were covered at the time of publication of this article.

HOW DID THIS HAPPEN?

On January 30, 2024, attackers gained access to Chris Larsen’s seed phrase. Within 12 hours, the attackers made 8 transactions, totaling 213,078,759 TRX (equivalent to $112 million at the time of the transactions).

The graph of connections is taken from the AML Crypto tool — Bholder: https://amlcrypto.io/ru/products/bholder

Subsequently, the attackers laundered funds using a similar pattern. For example, let’s look at one of the chains through which attackers laundered 70 million TRX:

The graph of connections is taken from the AML Crypto tool — Bholder: https://amlcrypto.io/ru/products/bholder

The attackers used transit addresses, and some of them were created (deployed) directly with the help of stolen funds. However, each chain shows that the attackers did not try very hard to hide their tracks.

The largest of the chains we analyzed does not contain more than 5 transit addresses.

Ultimately, the attackers laundered funds to centralized exchanges (CEX). The most popular exchanges were: Binance, MXC, Kraken, Kucoin, Gate, Exmo, Coinone and Whitebit. We talked about what CEX proposes to do in case of theft of crypto assets in this article.

WHAT WERE THE CONSEQUENCES?

The project’s native token reacted to the news with a restrained decline. The XRP rate fell by 2% in half an hour — from $0.505 to $0.495.

Source: https://www.tradingview.com/

Fortunately for holders, the token did not feel the impact of the theft and its price quickly recovered. Over a longer period, we see a drop, which is possibly associated with the sale and exchange of stolen tokens on centralized exchanges by attackers.

On February 1, 2024, Richard Teng (the new head of Binance after CZ left) announced that funds equivalent to $4.2 million that ended up on the Binance exchange were successfully frozen.

Source: https://twitter.com/_RichardTeng/status/1753100751713517903

This information once again tells us that a centralized exchange can easily freeze your funds. In this case, that is probably a good thing. But imagine that you, without knowing it, received funds from the hacker who hacked Chris Larsen, transferred your funds to the exchange, and they were blocked and seized?!

To avoid such situations, it is necessary to conduct an AML check of the cryptocurrency addresses of your counterparties. You can do this using our tool Btrace.
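A hop-limited trace of the kind of chain described above (transit addresses ending at exchange deposits), used to screen a counterparty address before accepting funds. This is an added example, not AML Crypto's code and not a description of how Btrace works; the addresses, amounts and exchange labels are constructed placeholders, and exposure is judged by hop distance only.

```python
from collections import deque

# Constructed sample data: placeholder addresses, not real on-chain values.
THEFT_SOURCE = "victim_wallet"
TRANSFERS = [  # (sender, receiver, amount)
    ("victim_wallet", "transit_1", 70_000_000),
    ("transit_1", "transit_2", 70_000_000),
    ("transit_2", "transit_3", 40_000_000),
    ("transit_2", "cex_deposit_A", 30_000_000),
    ("transit_3", "cex_deposit_B", 39_000_000),
    ("transit_3", "otc_seller", 1_000_000),
    ("otc_seller", "your_counterparty", 500_000),
    ("clean_payer", "clean_shop", 1_200),
]
EXCHANGE_DEPOSITS = {"cex_deposit_A", "cex_deposit_B"}  # assumed labels

def trace_downstream(transfers, source, max_hops=6, stop_at=EXCHANGE_DEPOSITS):
    """Breadth-first walk of outgoing transfers: {address: shortest path from source}."""
    outgoing = {}
    for sender, receiver, _amount in transfers:  # amounts ignored: hop-based exposure
        outgoing.setdefault(sender, []).append(receiver)
    paths = {source: [source]}
    queue = deque([source])
    while queue:
        addr = queue.popleft()
        # Stop when the hop budget is spent, or when funds enter an exchange's
        # pooled wallet (everything leaving it would otherwise look tainted).
        if len(paths[addr]) - 1 >= max_hops or addr in stop_at:
            continue
        for nxt in outgoing.get(addr, []):
            if nxt not in paths:  # first visit is the shortest path; also stops cycles
                paths[nxt] = paths[addr] + [nxt]
                queue.append(nxt)
    return paths

def screen_counterparty(address, transfers=TRANSFERS, source=THEFT_SOURCE, max_hops=6):
    """Return (is_exposed, hops, path) for an address you are about to accept funds from."""
    path = trace_downstream(transfers, source, max_hops).get(address)
    if path is None:
        return (False, None, [])
    return (True, len(path) - 1, path)

def exchange_cashouts(transfers=TRANSFERS, source=THEFT_SOURCE, max_hops=6):
    """Exchange deposits reached, with the number of transit addresses in between."""
    paths = trace_downstream(transfers, source, max_hops)
    return {a: len(p) - 2 for a, p in paths.items() if a in EXCHANGE_DEPOSITS}
```

A hop limit that is too small misses exposure: with `max_hops=2` the sample counterparty, five hops from the source, is reported as clean.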

WHAT IF I ALSO LOST $112 MILLION?

The first thing you need to do is not get depressed. If we lost such funds, we would obviously be very upset.

If you really have become a victim of fraud, we advise you to read our article “How to return stolen funds”, in which we described in detail the refund scheme and all your steps towards restoring the funds. And of course, you should seek help from professionals.

What you need to do first:

  • **Determine how the loss occurred:**
      • Hacker attack/fraud: If you suspect that you have become a victim of a scam or hacker attack, proceed to the following steps immediately.
      • Lost access: If you have lost access to your wallet (for example, you forgot your password or lost your keys), try to regain access using backup recovery phrases.

  • **Save all evidence:** Take screenshots of messages, transaction history and any other information that can be used as evidence in an investigation.

  • **Contact support for relevant platforms:** If funds have been lost through an exchange or other platform, immediately contact their support team and report the incident.

  • **Refer to AML Crypto:** We will promptly draw up all required reports on forms accepted by law enforcement and judicial authorities.

  • **Contact law enforcement:** Report loss of funds to local law enforcement. This may be a prerequisite for further investigation and possible refund.
