Investigation Shows XRP Theft from Ripple Chairman Hack Larger than Reported

An investigation from The Crypto Basic shows the XRP theft from the Ripple chairman hack was larger than previously reported, following an analysis from Hacken, a web3 security auditing protocol.

The security auditor was one of the entities to call attention to the hack on Jan. 31 following ZachXBT’s disclosure. Recall that earlier reports suggested that the exploit led to the loss of about 213 million XRP, with the malicious actors leveraging centralized exchanges to launder the funds.

In its latest report, Hacken pointed out that the movement of the stolen funds took over 11 hours. The platform noted that this long duration is unconventional, as exploiters often take out stolen funds as quickly as possible following a hacking incident.

The investigation by Hacken, led by their security expert Dmytro Yasmanovych, revealed that the hackers moved the stolen XRP from Larsen’s wallet to eight different addresses, and then funneled them into centralized exchanges for laundering. ZachXBT noted this earlier.

The XRP Wallet of Focus

Hacken spotlighted a particular address with the initials rU1bPM4q. According to them, this address is worth noting, as it interacted multiple times with Chris Larsen’s wallet even before the hack. These interactions confirm that Larsen knows the address.

The Hacken team then noted that one of the addresses the hackers used to receive the funds was a Kraken address. They discovered that this Kraken address also interacted with address rU1bPM4, the wallet of focus, as far back as 2020. Notably, rU1bPM4 sent 5.7 million XRP to the Kraken address in March 2020.

– Advertisement –

Based on their investigation, they were basically pointing out that the Kraken address the hackers used to receive the stolen funds has in the past interacted with an address that Larsen is familiar with. This raised questions, with speculation that Larsen might know the individuals behind the incident.

Ripple CTO Clears the Air

Notably, the Ripple CTO David Schwartz clarified the situation in a response to their report. Schwartz highlighted that Kraken only has one XRPL address, which is the address spotlighted by Hacken. All deposits to Kraken enter into this address, but users leverage destination tags to specify who the deposit goes to.

Hacken erroneously implied that this address specifically belonged to the hackers, not knowing that it is Kraken’s general deposit address. This is basically how the XRP Ledger works. Schwartz pointed out that the Hacken time might not be familiar with how the network works.

In a subsequent update, the Hacken team admitted the error in their research, and corrected their stance. However, some questions remained unanswered, especially regarding the rU1bPM4 address earlier spotlighted in the research.

The team discovered that, besides interacting with the Kraken deposit address, rU1bPM4 also interacted with another address (rs1S85L) used to receive the stolen assets.

Investigation Shows More XRP Stolen

The Crypto Basic conducted its own separate investigation and found that the interaction rU1bPM4 had with the hackers’ address rs1S85L was not entirely suspicious.

Notably, rU1bPM only interacted with rs1S85L, the hackers’ address, once on the day of the hack. In addition, rs1S85L was activated by European exchange WhiteBIT, which might suggest an affiliation with the exchange. However, this remains unconfirmed.

Moreover, an extensive look at rU1bPM4 shows that the address belongs to Larsen. Interestingly, this address also saw outflows to multiple addresses belonging to the hackers during the hack. These outflows amounted to over 28 million XRP from 11:13 to 22:45 (UTC) on Jan. 30.

This indicates that rU1bPM4 also suffered an attack just like Larsen’s other wallet on Jan. 30. As a result, the interaction with rs1S85L, amounting to a 70,000 XRP, was one of the outflows initiated by the hackers. In fact, it was the last transaction from the hackers.


XRP Outflows from Ripple Chairman Hack Bithomp
XRP Outflows from Ripple Chairman Hack | Bithomp

The finding suggests that the stolen funds might be more than earlier reported. Prominent on-chain sleuth Tayvona confirmed this in a reply to Hacken. She shared multiple transaction IDs of the malicious outflows, stressing that the stolen assets actually amounted to 282 million XRP, and not 213 million XRP.

Follow Us on Twitter and Facebook.

Disclaimer: This content is informational and should not be considered financial advice. The views expressed in this article may include the author’s personal opinions and do not reflect The Crypto Basic’s opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.

-Advertisement-

Source: https://thecryptobasic.com/2024/02/10/investigation-shows-xrp-theft-from-ripple-chairman-hack-larger-than-reported/?utm_source=rss&utm_medium=rss&utm_campaign=investigation-shows-xrp-theft-from-ripple-chairman-hack-larger-than-reported