At the end of January, Ripple was hacked. To be more precise, according to official statements, it was Chris Larsen – the co-founder – who saw his wallets compromised.
The company has made it clear that nothing within its own system is jeopardized.
According to the official confirmation by Larsen, they were “able to catch the problem and notify exchanges to freeze the affected addresses.” The funds in question amounted to some $113 million.
Shortly after that, Binance also confirmed that they had managed to freeze $4.2 million stolen by the exploiter.
However, new research on the matter reports some notable findings.
Exploit Addresses With Predated Connection to XRP?
The research was carried out by Hacken – a Web3 security auditor – who recently published a detailed thread on the matter.
🚨 @Ripple Case: Insights That Went Unnoticed
Driven by peculiar intricacies surrounding a recent XRP event, our team embarked on an in-depth inquiry
The key outcome of our investigation: two wallets, that took a central stage in the incident, are connected to XRP’s authorized… https://t.co/CQDU9ggkTF
— Hacken🇺🇦 (@hackenclub) February 7, 2024
The first thing that Hacken flagged was the unusually long time it took for the breach to happen.
With an unusual 11 hours and 11 minutes duration, this event strays far from conventional breaches.
Security analyst Dmytro Yasmanovych then examined the addresses to which XRP was transferred before making its way to centralized exchanges (like Binance). He looked at both incoming and outgoing transactions for these addresses.
Through his research, the expert arrived at a peculiar finding concerning one particular incoming transaction of $64 million.
Our investigation reveals that the new address involved in a $64 million transaction is directly connected with the XRP pack of addresses and had some outgoing and incoming transactions between them. Notably, it also engages with wallets tied to the transfer of stolen funds.
The investigation also found that one of the addresses allegedly used to funnel out the stolen funds has longstanding ties with XRP that predate the incident, going as far back as 2020.