Blockchain analytics firm Hacken, while refraining from definitive conclusions, identified connections between the wallets of the hacker behind the $112.5 million XRP theft, and accounts potentially linked to Ripple.
🚨 @Ripple Case: Insights That Went Unnoticed
Driven by peculiar intricacies surrounding a recent XRP event, our team embarked on an in-depth inquiry
The key outcome of our investigation: two wallets, that took a central stage in the incident, are connected to XRP’s authorized… https://t.co/CQDU9ggkTF
— Hacken🇺🇦 (@hackenclub) February 7, 2024
The XRP exploit was previously confirmed by Ripple co-founder Chris Larsen to only impact his personal wallets.
Their report suggests “two wallets connected to XRP’s authorized wallet played key roles” in the January 31st incident, raising suspicions of potential insider involvement.
The investigation began when Larsen reported unauthorized access to his wallets, resulting in the loss of 213 million XRP.
Tracing the stolen funds, Hacken identified eight intermediary wallets used before reaching a Binance deposit address.
One crucial link involved a wallet address (“rU1bPM4”) that had previously sent $64.6 million to Larsen and $37,500 to an attacker’s intermediary wallet.
This raises two possibilities: either the same entity sent both sums, or the attacker gained access to the “rU1bPM4” account.
Further complicating the matter, “rU1bPM4” also sent funds to a Kraken deposit address used by the attacker, suggesting potential misuse of an authorized account.
Hacken emphasizes the account’s “longstanding ties with XRP,” implying it could have been connected to Ripple.
While definitive proof remains elusive, Hacken’s findings point towards a potentially complex scheme.
They acknowledge the need for further investigation but conclude, “the story is getting more interesting.”