Ripple Chairman Confirms Hack to His Personal XRP Account, Not Ripple
5 Min Read

Chris Larsen, the executive chairman of Ripple, has officially confirmed a recently reported hacking incident, but clarified that the breach impacted his personal XRP account and not that of Ripple.

Yesterday, renowned on-chain sleuth ZachXBT reported that malicious actors had hacked a Ripple account, leading to the loss of over 213 million XRP worth $112.5 million.

ZachXBT noted that the hackers laundered the assets through different exchanges, including Binance, MEXC,, and Kraken.

Ripple’s executive chairman Chris Larsen reacted to ZachXBT’s disclosure, confirming that the account indeed suffered an exploit. However, Larsen stressed that the account is his personal XRP wallet, and not affiliated with Ripple as an entity.

The Ripple chairman emphasized that they identified the breach and liaised with the exchanges that received the stolen funds to freeze the addresses of the exploiters. According to him, they have also involved some law enforcement authorities.

On-chain Details of the Hack

On-chain data indicates that the hack occurred on Jan. 30, with the first fund movement involving 69.72 million XRP at 11:12 (UTC).

– Advertisement –

Six hours later, the hackers moved 69.14 million XRP to another address. They then continued to siphon more funds until the wallet was empty as of 22:23 (UTC).

The fund outflows occurred in the space of 11 hours across eight transactions, prompting speculation regarding the delayed detection of the hack.

Each transaction moved assets to a different address, and these addresses laundered the tokens through different centralized exchanges. 

Notably, leading XRPL explorers XRPScan and Bithomp tagged the affected address as Ripple, leading to ZachXBT’s attribution of the hack to Ripple. However, the explorers have removed this tag at the reporting time.

In addition to Larsen, Ripple CEO Brad Garlinghouse stressed that the address itself belongs to Larsen and not Ripple. ZachXBT’s X post also received a community note clarifying the situation, with Garlinghouse and Larsen’s posts as reference points.

Ripple Accounts Secure

Larsen further clarified that all accounts belonging to Ripple remain secure. Moreover, the ancestry of the impacted address shows it was activated by Larsen in 2013, and not Ripple. 

Larsen noted that the exploiters swapped the stolen assets from XRP to other cryptocurrencies. The Ripple chairman confirmed that their work with law enforcement has been fruitful, with some of the assets already frozen.

According to him, they are looking to freeze the rest of the assets. He expressed gratitude to the XRPL Foundation and its Analytics and Compliance Head Thomas Silkjær for their contributions.

Meanwhile, Silkjær revealed that he and his team received a tip from leading crypto exchange WhiteBit concerning suspicious inflows, prompting an investigation into the implicated accounts. 

As soon as the situation was grasped, Silkjær informed Larsen, and an intensive 18-hour effort unfolded. Silkjær confirmed that he collaborated closely with GateHub, exchanging data with the relevant crypto exchanges, Larsen, and his team. 

They have also gathered information for ongoing scrutiny by law enforcement. According to Silkjær, there is the need to keep some specific details confidential for now. However, he acknowledged the varying responsiveness of different exchanges.

Follow Us on Twitter and Facebook.

Disclaimer: This content is informational and should not be considered financial advice. The views expressed in this article may include the author’s personal opinions and do not reflect The Crypto Basic’s opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.


Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *