Late LastPass Breach Linked to Cryptocurrency Thefts
Late last year, password manager LastPass disclosed a breach in which hackers stole proprietary source code, customer information, and password vaults. Since then, hackers have accessed some of these password vaults, resulting in multiple six-figure cryptocurrency thefts.
Tracking the Cryptocurrency Thefts
Taylor Monahan, founder and CEO of MetaMask, has been monitoring a series of cryptocurrency thefts since April. These thefts primarily targeted individuals who were considered relatively secure in the cryptocurrency space. Monahan initially believed that the threat actor had obtained a large amount of data dating from over a year ago and was systematically using the keys in it to drain assets.
Since April, the threat actor has stolen from over 500 addresses, accumulating at least $25 million in assets. The stolen amounts range from $10,000 to an average of $300,000 per victim.
Link to LastPass
Based on new data and victim testimonies, it is now believed that the compromised keys were stolen from LastPass. However, it remains unclear how the threat actor is accessing the seed phrases stored in LastPass, which act as the master keys to the crypto wallets.
Monahan suggests that LastPass vaults may be systematically breached one by one using an undetected method. Alternatively, it is possible that more information was compromised in last year’s attack against LastPass than was initially disclosed.
Regardless of how the thefts are occurring, anyone who still uses LastPass or has previously stored seed phrases in a LastPass vault should migrate their wallets to protect their assets. It is also advisable to distribute assets wisely to minimize the risk of being robbed.
If you have been affected by a cryptocurrency theft or security compromise, potentially due to LastPass, it is recommended to file an Internet Crime Complaint Center (IC3) report immediately.