In a recent development that has sent ripples through the cryptocurrency community, Hacken, a blockchain analytics platform, has reported a significant security breach involving Chris Larsen, the co-founder and chairman of Ripple. On January 31, Larsen disclosed that his wallets were compromised, leading to a loss of 213 million XRP, valued at approximately $112.5 million at the time of the incident. This event has drawn attention to the magnitude of the loss and its potential implications for internal security measures within Ripple.
Hacken’s investigation into the breach has revealed intriguing connections between the hacked wallets and accounts that may be associated with Ripple itself. According to the firm’s February 7 report, the attacker diverted the stolen funds across eight wallet accounts.
A significant portion of these funds, amounting to $70.9 million in XRP, was then consolidated into a single wallet with an address starting with “rHyqB.” This wallet played a crucial role in the subsequent laundering of the stolen assets, funneling them through various intermediaries before some funds ended up in a Binance deposit address.
Connections to Ripple’s authorized wallets
The analytical efforts by Hacken have unearthed connections that suggest a closer relationship between the attacker’s actions and Ripple’s internal operations than previously thought. One of the wallets, identified by its starting address “rU1bPM4,” has been highlighted for its historical transactions with Larsen, including a substantial transfer of $64.6 million in XRP. This same wallet also made a smaller transfer of $37,500 to one of the intermediate wallets used by the attacker, raising questions about the possible identity of the individual behind these transactions.
Further scrutiny of the transactions linked to the “rU1bPM4” wallet revealed its involvement in nearly $2 million worth of transfers to a Kraken deposit address in 2020, a destination also used by the attacker to funnel funds from the hack. Hacken’s findings suggest that this wallet has longstanding connections with XRP, predating the hacking incident. The involvement of wallets associated with Ripple’s authorized operations in the hack indicates a complex web of transactions that could point towards an inside job. However, Hacken has cautioned that it is too early to draw definitive conclusions.
Implications and ongoing investigations
The revelation of these connections between the hacked funds and wallets linked to Ripple’s authorized operations has cast a shadow over the security practices at one of the leading companies in the cryptocurrency space. The involvement of Binance in freezing $4.2 million worth of the stolen XRP underscores the collaborative efforts within the industry to mitigate the impact of such security breaches. However, the potential internal links to the hack raise serious concerns about the safeguards to protect against such incidents.
As the investigation continues, the cryptocurrency community remains on edge, awaiting further disclosures that could shed light on the nature of the breach and the perpetrator’s identity. The incident is a stark reminder of the vulnerabilities within the digital asset space, even among its most established players. The outcome of Hacken’s investigation and the steps taken by Ripple in response to these findings will be closely watched, as they will have significant implications for trust and security in the broader cryptocurrency ecosystem.
