At the end of January, Ripple was hacked. To be more precise, according to official statements, it was Chris Larsen – the co-founder – who saw his wallets compromised.
In fact, the company has made it clear that nothing within its system is jeopardized.
According to the official confirmation by Larsen, they were “able to catch the problem and notify exchanges to freeze the affected addresses.” The funds in question amounted to some $113 million.
Shortly after that, Binance also confirmed that they had managed to freeze $4.2 million stolen by the exploiter.
However, there’s new research on the matter that reveals some incredibly interesting findings.
The research was carried out by Hacken – a Web3 security auditor – who recently published a detailed thread on the matter.
The first thing that Hacken flagged was the unusually long time it took for the breach to happen.
With an unusual 11 hours and 11 minutes duration, this event strays far from conventional breaches.
Security analyst Dmytro Yasmanovych then explores the addresses to which XRP was transferred before making its way to centralized exchanges (like Binance). He looked at both incoming and outgoing transactions to these addresses.
Through his research, the expert came to a very peculiar finding concerning one particular incoming transaction of $64 million.
Our investigation reveals that the new address involved in a $64 million transaction is directly connected with the XRP pack of addresses and had some outgoing and incoming transactions between them. Notably, it also engages with wallets tied to the transfer of stolen funds.
The investigation also found out that one of the alleged addresses used to funnel out the stolen funds has longstanding ties with XRP, which predates the incident – going as far back as 2020.