The security analyst was among those who pointed out the hack on Jan. 31 following ZachXBT’s revelation. Recall that earlier reports said the theft resulted in the loss of around 213 million XRP, with the malicious actor using centralized exchanges to move the assets.
In its most recent report, Hacken pointed out that the theft of the assets took more than 11 hours. The platform noted that this duration is unusual, as hackers typically withdraw assets as fast as they can following a hacking incident.
🚨 @Ripple Case: Insights That Went Unnoticed
Driven by peculiar intricacies surrounding a recent XRP event, our team embarked on an in-depth inquiry
The key outcome of our investigation: two wallets, that took a central stage in the incident, are connected to XRP’s authorized… https://t.co/CQDU9ggkTF
— Hacken🇺🇦 (@hackenclub) February 7, 2024
The new findings from Hacken, led by Dmytro Yasmanovych of its security team, revealed that the hacker moved the XRP from Larsen’s wallet to eight distinct addresses and then funneled it into centralized exchanges for laundering.
The Wallet Maneuvering
Hacken highlighted a specific address beginning with rU1bPM4q. According to the firm, this address is significant because it interacted with Chris Larsen’s wallet on several occasions even before the hack. This finding about the wallet interaction confirms that Larsen is familiar with the address.
The Hacken team also mentioned that one of the addresses the hackers used to receive the assets was a Kraken address. They found that this Kraken address had also interacted with address rU1bPM4, the wallet in focus, since 2020. It is worth noting that rU1bPM4 sent 5.7 million XRP to the Kraken address in March 2020.
With this finding, they were essentially pointing out that the Kraken address the hacker used to collect the assets had previously interacted with an address that Larsen is familiar with. This raised questions, with speculation that Larsen could know who was behind the hack.
A Message by the CTO
Notably, Ripple CTO David Schwartz clarified the situation in a response to the report. Schwartz stated that Kraken has just one XRPL address, which is the one highlighted by Hacken. All transactions to Kraken go to this address; however, users rely on destination tags to determine whom the deposit goes to.
I suspect you don't understand how the XRP Ledger works. For example, rLHzPsX6oXkzU2qL12kHCH8G8cnZv1rBJh is Kraken's *only* XRP deposit address. All XRP deposits to Kraken are made to the same Kraken wallet.
— David "JoelKatz" Schwartz (@JoelKatz) February 8, 2024
Hacken erroneously suggested that this address was owned specifically by the hacker, not realizing that it is Kraken’s address, used for all general deposits. This is fundamentally how the XRP Ledger works. Schwartz pointed out that the Hacken team may not fully understand how the network functions.
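The attribution pitfall Schwartz describes can be shown in a short sketch. This is an added example, not code from Hacken, Ripple or the original article: the payment records, address labels and the tag threshold are constructed assumptions, and only the field names (`Account`, `Destination`, `DestinationTag`) follow XRPL Payment transactions.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample Payment records (not real ledger data); addresses are labels.
PAYMENTS = [
    {"Account": "rVictimWallet", "Destination": "rExchangeDeposit", "DestinationTag": 1001},
    {"Account": "rThiefWallet", "Destination": "rExchangeDeposit", "DestinationTag": 2002},
    {"Account": "rOtherUser", "Destination": "rExchangeDeposit", "DestinationTag": 3003},
    {"Account": "rThiefWallet", "Destination": "rMuleWallet"},
    {"Account": "rThiefWallet2", "Destination": "rMuleWallet"},
]

TAG_THRESHOLD = 3  # assumption: this many distinct tags marks a pooled address


def pooled_destinations(payments, threshold=TAG_THRESHOLD):
    """Destinations that receive under many distinct tags (shared exchange wallets)."""
    tags = defaultdict(set)
    for p in payments:
        if p.get("DestinationTag") is not None:
            tags[p["Destination"]].add(p["DestinationTag"])
    return {dest for dest, seen in tags.items() if len(seen) >= threshold}


def sender_links(payments, tag_aware=True):
    """Pairs of senders linked by paying the same recipient.

    With tag_aware=True a pooled address is split per destination tag, so two
    senders are linked only if they paid the same (address, tag) account.
    Untagged payments to a pooled address are treated as unattributable.
    """
    pooled = pooled_destinations(payments) if tag_aware else set()
    groups = defaultdict(set)
    for p in payments:
        dest, tag = p["Destination"], p.get("DestinationTag")
        if dest in pooled:
            if tag is None:
                continue
            key = (dest, tag)
        else:
            key = (dest, None)
        groups[key].add(p["Account"])
    links = set()
    for senders in groups.values():
        links.update(combinations(sorted(senders), 2))
    return links
```

Run with `tag_aware=False`, the victim and the thief appear linked merely because both deposited to the same exchange address; with tags respected, only the two wallets that paid the same private address remain connected.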
In another update, the Hacken team of experts conceded the mistake in their investigation and revised their position. Even so, a few questions remained unanswered, particularly concerning the rU1bPM4 address previously highlighted in the investigation.
❗️ Updating our research on the Ripple case. We shared our investigation findings, noting some unusual aspects not raised earlier. Thanks to the community and Ripple representative, we've already got answers to a few of them, although one question remains unanswered
— Hacken🇺🇦 (@hackenclub) February 8, 2024
Hacken’s team also found that, besides interacting with the Kraken deposit address, rU1bPM4 interacted with another address (rs1S85L) used to receive the stolen assets.
More XRP Stolen Than Was Reported
The Crypto Essential conducted its own separate investigation and found that the interaction rU1bPM4 had with the address rs1S85L was not suspicious.
rU1bPM interacted with rs1S85L, the hacker’s address, only once, on the day the hack took place. Furthermore, rs1S85L was activated by the European exchange WhiteBIT, which could suggest an affiliation with the exchange. However, this remains unconfirmed.
In addition, an in-depth analysis of the address rU1bPM4 confirms that the address is owned by Larsen. Strangely, this address also saw outflows to various addresses belonging to the hacker. These outflows added up to more than 28 million XRP from 11:13 to 22:45 (UTC) on Jan. 30.
This demonstrates that rU1bPM4 was also looted on Jan. 30, just like Larsen’s other wallet. Thus, the interaction with rs1S85L, a transfer of 70,000 XRP, was one of the outflows made by the hacker. It was the hacker’s last operation.
The finding made clear that the stolen assets may amount to more than previously announced. Tayvona, a well-known on-chain detective, confirmed this in a response to Hacken. She shared various transaction IDs of the malicious outflows and said that the stolen assets added up to 282 million XRP, not 213 million XRP.