Feds Link $150M Crypto Heist to 2022 LastPass Breach
Federal agents in the U.S. have linked a major cryptocurrency heist in January 2024 to a 2022 breach at password manager LastPass. Of the $150 million stolen from Ripple co-founder Chris Larsen, around $24 million in cryptocurrencies has been seized so far.
Security researchers Nick Bax and Taylor Monahan discovered that victims of these six-figure cyberheists had stored their cryptocurrency seed phrases in the 'Secure Notes' area of their LastPass account prior to the 2022 breaches. Experts suggest that the 2022 LastPass breach gave thieves offline access to encrypted password vaults, allowing them to crack weaker master passwords over time.
In September 2023, KrebsOnSecurity reported that a series of six-figure cyberheists resulted from thieves cracking master passwords stolen from LastPass in 2022. The U.S. Secret Service and the FBI have now agreed with these findings and seized approximately $24 million worth of cryptocurrencies related to the $150 million heist. The cyberheists followed a pattern of cashing out stolen funds to a large number of drop accounts across various cryptocurrency exchanges.
LastPass CEO Karim Toubba initially reported unusual activity in the software development environment on August 25, 2022, and a more serious breach on November 30, 2022, affecting encrypted copies of some password vaults and other personal information. Despite cooperation with law enforcement, LastPass has not found conclusive evidence linking the cyberheists to its 2022 breaches. Many cyberheist victims had chosen master passwords with low complexity and were among LastPass's oldest customers, who may not have been upgraded to newer password requirements and protections.