LastPass Vaults Linked to Major Cryptocurrency Heists Exceeding $35M

FLY:D/Unsplash

Thursday, September 7, 2023 11:47 PM UTC

Legal Sector Flourishes Amidst Cryptocurrency Bankruptcies; Firms Collect $700M in Fees
Xiamen Court Advocates for Cryptocurrency Recognition as Legally Protected Property in China
Grayscale Triumphs in Legal Battle for Bitcoin ETF: Cryptocurrency Markets Rally
CoinSwitch, CoinDCX Downsize Amidst Prolonged Cryptocurrency Winter in India
Western Union Ventures into Cryptocurrency with Ripple's Blockchain Technology

In 2022, multiple LastPass password vaults were compromised, leading to over 150 victims being tied to notable cryptocurrency thefts. Recent findings link these heists directly to the breached vaults, emphasizing the significance of secure digital practices. As the situation unfolds, experts underscore the need for vigilant crypto protection.

According to cybersecurity blogger Brian Krebs, several researchers have identified a "highly reliable set of clues" linking these victims to the stolen password vaults. The total amount stolen reportedly exceeds $35 million in cryptocurrency. Since December 2022, between two and five high-value heists have occurred each month.

A lead product manager at crypto wallet company MetaMask, Taylor Monahan, revealed that the commonality among victims was their prior use of LastPass to store their "seed phrase." This phrase serves as a private key necessary to access cryptocurrency investments.

These keys are often stored on encrypted services like password managers to protect against unauthorized access. Furthermore, the stolen funds were traced to the same blockchain addresses, solidifying the connection between the victims.

LastPass experienced two known security breaches in August and November of the previous year. Hackers utilized the information obtained during the first breach to access shared cloud storage, where customer encryption keys for vault backups were stored.

When questioned about the possibility of the cracked password vaults, LastPass CEO Karim Toubba stated that the November breach remains under investigation by law enforcement and is also the subject of pending litigation. The company did not confirm any link between the 2022 breaches and the reported crypto thefts.

Researcher Nick Bax, director of analytics at crypto wallet recovery company Unciphered, supported Monahan's findings. In an interview with KrebsOnSecurity, Bax advised friends and family who use LastPass to change their passwords and migrate any exposed crypto despite the inconvenience.

As the investigation continues, experts emphasize the importance of secure password management and vigilant protection of cryptocurrency investments. The repercussions of the LastPass security breach and subsequent crypto thefts are a stark reminder of the ever-present threat of cybercrime in the digital world.

Photo: FLY:D/Unsplash