Hacken, a renowned cybersecurity firm, has revealed compelling evidence indicating an inside job in the recent hacking incident targeting Chris Larsen, the co-founder and chairman of Ripple.
The breach, which resulted in the loss of 213 million XRP valued at $112.5 million, has sent shockwaves through the cryptocurrency community. The duration of the breach, an unprecedented 11 hours and 11 minutes, has raised concerns about Ripple’s internal security measures.
Sophisticated breach uncovered
Hacken’s investigation, spearheaded by Dmytro Yasmanovych, has shed light on the intricacies of the breach. The firm’s analysis uncovered a network of transactions suggesting a deeper involvement within Ripple’s infrastructure.
Funds from the compromised “red” wallet were meticulously distributed to eight wallets before being routed to accounts at various centralized exchanges (CEXs).
Key findings of the investigation
A crucial investigation involved a $64 million transaction to a newly created address. Yasmanovych elucidated that this address is directly linked to the XRP pack of addresses and has been involved in outgoing and incoming transactions related to the stolen funds.
Moreover, a substantial portion of the stolen funds was traced to various exchange addresses, with a Kraken exchange address playing a pivotal role in facilitating the movement of the stolen XRP.
Hacken’s meticulous scrutiny also unearthed historical connections, notably a wallet with ties to XRP predating the hacking incident.
This wallet, identified as rU1bPM4q2rVhC73F7znm7Lt5QnYzZsV35q, shares connections not only with the Kraken wallet used for fund funneling but also with another account involved in transferring funds to a different CEX implicated in the incident.
Community response and mitigation efforts
In response to the theft, Binance CEO Richard Teng disclosed that his exchange had successfully frozen $4.2 million worth of the stolen XRP, showcasing the cryptocurrency community’s collaborative efforts to mitigate such breaches’ repercussions.
Hacken’s detailed account of the attacker’s strategy, involving splitting stolen funds across multiple wallets and utilizing intermediate wallets for transactions, underscores the sophistication of the operation.
