Ripple was not hacked for $112M XRP — but its co-founder was

ZachXBT flagged the outflows, which took place on Tuesday

share

An on-chain detective has flagged odd XRP outflows worth roughly $112 million from addresses linked to Ripple Labs.

ZachXBT, in a post on X Wednesday, said that Ripple seemed to have been hacked for 213 million XRP.

However, Ripple co-founder Chris Larsen responded that his Ripple accounts had been compromised, not Ripple itself.

Larsen said there had been “unauthorized access to a few of my personal XRP accounts.”

“We were quickly able to catch the problem and notify exchanges to freeze the affected addresses. Law enforcement is already involved,” he added.

Loading Tweet..

The stolen funds, ZachXBT found, were laundered through crypto exchanges including Gate, Binance, Kraken, OKX, HTX, HitBTC, and MEXC.

Loading Tweet..

He highlighted roughly 8 addresses tied to the alleged theft. 

Read more: Security review competition will offer a bounty of $1.2M

The timestamps for the transactions stand out, however, as they took place on Tuesday ranging from early on in the day to late Tuesday night. Ripple Labs or Larsen had not publicly disclosed the attack until ZachXBT’s posts on social media.

“The sheer number of [transactions] to exchanges in a short time span should tell you enough,” ZachXBT said in a follow up post. “Ripple team is not going to use a small instant exchange like FixedFloat in size.”

Following the post on X, XRP fell over 5%. It has since bounced back as of publication.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Unlocked by Template (11).png

Research

Union’s technical design brings measured improvements to crosschain interoperability. By combining a consensus-verified hub with novel constructs like state lenses and ZK proofs for client updates, Union achieves an interoperability protocol that is highly performant, trust-minimized, and scalable.

article-image

Crypto finds fundamentals, Chanos books profits and prediction markets make trouble

article-image

The token has crashed over 65% and been marked as dangerous due to its contract’s permissions

article-image

FOMC July minutes may hold the key to Powell’s speech tomorrow

article-image

Singapore’s largest bank is issuing crypto-linked structured notes on Ethereum, but the tokens will remain permissioned

article-image

Jupiter borrows Fluid’s innovative risk engine