CATEGORIES
home News

Security Experts Believe LastPass Breach Is Behind Millions Of Dollars In Stolen Crypto

by Nathan OrdWednesday, September 06, 2023, 03:19 PM EDT
lastpass vaults stolen in security incident being cracked to steal millions in cryptocurrency
Late last year, password manager LastPass disclosed that hackers had stolen proprietary source code, customer information, and password vaults. Since the initial breach, hackers have been able to get into some of these password vaults, leading to multiple six-figure cryptocurrency thefts.

Taylor Monahan, founder and CEO of MetaMask, a software crypto wallet, has been tracking a series of cryptocurrency thefts across a plethora of chains and coins since April of this year. These thefts were affecting those who were considered relatively “crypto native” and could be thought of as reasonably secure, such as those who worked in the cryptocurrency space. However, there was no real common thread connecting any of these thefts except for the age of keys and the security of the folks who were stolen from.

first tweet lastpass vaults stolen in security incident being cracked to steal millions in cryptocurrency

The assumption per Monahan in April was that a threat actor “got themselves a fatty cache of data from 1+ yr ago & is methodically draining the keys as they parse them from the treasure trove.” Since then, the threat actor has stolen from over 500 addresses and has gotten away with at least $25 million in assets. These thefts are not small pennies either, with the smallest amount being stolen around $10k, but the average sitting closer to $300k per victim. With this new data and corroboration of the victims, it turns out that the former assumption from April may not have been all that far from the truth.

lastpass tweet lastpass vaults stolen in security incident being cracked to steal millions in cryptocurrency

At this point, Monahan is “confident in saying that, in most of these cases, the compromised keys were stolen from LastPass.” However, it is unclear how the threat actor is getting to the seed phrases stored in LastPass that act as the master keys to the crypto wallets enabling these thefts. Monahan implies that there may be a means by which LastPass vaults are being popped one by one by an undetected method or that there was more compromised in last year’s attack against the company than was disclosed.

Regardless of how the thefts are happening, LastPass users who are still on the platform or were previously and stored seed phrases in their vault should migrate wallets to stay safe from the threat. It also appears that being robbed is only a matter of time, so migrating and distributing assets wisely is worth doing sooner rather than later. Further, if you have been affected by a cryptocurrency theft or security compromise, potentially due to LastPass, Monahan recommends you file an Internet Crime Complaint Center (IC3) report immediately.
Tags:  security, LastPass, cryptocurrency
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment