Ripple was not hacked for $112M XRP — but its co-founder was

ZachXBT flagged the outflows, which took place on Tuesday

share

An on-chain detective has flagged odd XRP outflows worth roughly $112 million from addresses linked to Ripple Labs.

ZachXBT, in a post on X Wednesday, said that Ripple seemed to have been hacked for 213 million XRP.

However, Ripple co-founder Chris Larsen responded that his Ripple accounts had been compromised, not Ripple itself.

Larsen said there had been “unauthorized access to a few of my personal XRP accounts.”

“We were quickly able to catch the problem and notify exchanges to freeze the affected addresses. Law enforcement is already involved,” he added.

Loading Tweet..

The stolen funds, ZachXBT found, were laundered through crypto exchanges including Gate, Binance, Kraken, OKX, HTX, HitBTC, and MEXC.

Loading Tweet..

He highlighted roughly 8 addresses tied to the alleged theft. 

Read more: Security review competition will offer a bounty of $1.2M

The timestamps for the transactions stand out, however, as they took place on Tuesday ranging from early on in the day to late Tuesday night. Ripple Labs or Larsen had not publicly disclosed the attack until ZachXBT’s posts on social media.

“The sheer number of [transactions] to exchanges in a short time span should tell you enough,” ZachXBT said in a follow up post. “Ripple team is not going to use a small instant exchange like FixedFloat in size.”

Following the post on X, XRP fell over 5%. It has since bounced back as of publication.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Research Report Templates.png

Research

EtherFi, the largest liquid restaking protocol, is repositioning itself as a consumer-facing crypto neobank. Beyond staking, it is building a revenue mix around cards, vaults, and trading, aiming to capture sustainable front-end economics in DeFi. The shift highlights EtherFi’s ambition to expand from infrastructure into a full financial platform.

article-image

Legion’s reputation-based fundraising will expand through Kraken Launch, offering compliant and transparent token sales to global investors

by Blockworks /
article-image

Blockchain protocol introduces XPL token and zero-fee transfers as it targets global stablecoin adoption

by Blockworks /
article-image

With rate cuts priced in and deeper liquidity, it’s not surprising to see certain speculative assets getting a bid

article-image

Lending giant is moving to ERC‑4626 share accounting and preparing to shutter underperforming networks, with 86% of revenue on Ethereum mainnet

article-image

The payments firm introduces a USDC-based app on Stellar, aiming to modernize remittances in volatile currency markets

by Blockworks /
article-image

MarginFi fixed a flaw that could have let attackers borrow funds without repayment

by Blockworks /