Binance Freezes $4.2M in XRP Linked to $112M Ripple Hack

Hassan Shittu
Last updated: | 2 min read
Binance Freezes $4.2M in XRP Linked to $112M Ripple Hack
Source: AdobeStock / Michal Šteflovič

Cryptocurrency exchange Binance has frozen $4.2 million worth of XRP in connection with the $112 million hack on Ripple co-founder Chris Larsen’s wallet on January 31. This incident is currently the most significant hack of 2024.

In response to the exploit, XRP Ledger developers promptly informed exchanges about the incident and urged them to monitor deposits linked to the explorer’s wallets closely. Larsen revealed that 213 million XRP, equivalent to approximately $112.5 million, was stolen in the attack.

Binance helps Ripple Recover Stolen Assets

Binance CEO Richard Teng announced on social media platform X that the exchange had frozen $4.2 million worth of XRP from the exploit that saw $112 million stolen from Larsen’s wallet on January 31. Teng thanked blockchain investigator ZachXBT and the Ripple team for their coordination and assistance.

Ripple is reportedly engaged in discussions with multiple cryptocurrency exchanges to freeze the explorer’s address, and they have also notified law enforcement agencies about the incident. Furthermore, Ripple’s chief, Brad Garlinghouse, assured the community that Ripple wallets were safe.

Teng assured ongoing support for Ripple’s investigative efforts, including closely monitoring funds in the explorer’s external wallets. He emphasized ongoing collaboration with relevant parties and committed to closely monitoring the majority of funds still held in the explorer’s external wallets in case of further activity on Binance.

“Our team is firmly dedicated to supporting a safe ecosystem, so we always encourage projects and users to reach out to us in instances like this.”

Ripple Co-founder Chris Larsen’s XRP Stash Stolen in Security Breach

The security incident was initially flagged by blockchain investigator ZachXBT on January 31, who discovered 213 million XRP stolen and subsequently distributed across various exchanges. Ripple’s co-founder and executive chairman, Chris Larsen, clarified that the funds in question were his own. Larsen disclosed unauthorized access to his accounts but did not provide specific details regarding the breach.

Notably, this exploit deviates from typical hacking patterns, as it occurred over an extended period, involving the gradual theft of XRP over approximately 10 hours before being deposited on centralized exchanges like MEXC,, Binance, Kraken, OKX, HTX, and HitBTC. The exploiters did not follow the common practice of quickly draining funds and using crypto mixers to obscure their tracks.

ZachXBT later revealed that the Ripple attribution for the affected account was tagged as Ripple itself in XRP block explorers XRPScan and Bithomp, leading to confusion about the nature of the hack.

While Binance promptly froze some of the stolen funds, other crypto exchanges, including OKX and Kraken, have not disclosed whether they have identified or frozen any funds associated with the hack.

In addition to addressing the security breach, Ripple continues to navigate legal proceedings with the U.S. Securities and Exchange Commission (SEC) regarding alleged violations of federal laws in digital asset sales. While certain sections of the lawsuits have been dismissed, the status of institutional sales remains a point of contention in the ongoing legal battle.