Security Experts Believe LastPass Breach Is Behind Millions Of Dollars In Stolen Crypto
Late last year, password manager LastPass disclosed that hackers had stolen proprietary source code, customer information, and password vaults. Since the initial breach, hackers have been able to get into some of these password vaults, leading to multiple six-figure cryptocurrency thefts.
Taylor Monahan, founder and CEO of MetaMask, a software crypto wallet, has been tracking a series of cryptocurrency thefts across a plethora of chains and coins since April of this year. These thefts were affecting those who were considered relatively “crypto native” and could be thought of as reasonably secure, such as those who worked in the cryptocurrency space. However, there was no real common thread connecting any of these thefts except for the age of keys and the security of the folks who were stolen from.
The assumption per Monahan in April was that a threat actor “got themselves a fatty cache of data from 1+ yr ago & is methodically draining the keys as they parse them from the treasure trove.” Since then, the threat actor has stolen from over 500 addresses and has gotten away with at least $25 million in assets. These thefts are not small pennies either, with the smallest amount being stolen around $10k, but the average sitting closer to $300k per victim. With this new data and corroboration of the victims, it turns out that the former assumption from April may not have been all that far from the truth.
At this point, Monahan is “confident in saying that, in most of these cases, the compromised keys were stolen from LastPass.” However, it is unclear how the threat actor is getting to the seed phrases stored in LastPass that act as the master keys to the crypto wallets enabling these thefts. Monahan implies that there may be a means by which LastPass vaults are being popped one by one by an undetected method or that there was more compromised in last year’s attack against the company than was disclosed.
Regardless of how the thefts are happening, LastPass users who are still on the platform or were previously and stored seed phrases in their vault should migrate wallets to stay safe from the threat. It also appears that being robbed is only a matter of time, so migrating and distributing assets wisely is worth doing sooner rather than later. Further, if you have been affected by a cryptocurrency theft or security compromise, potentially due to LastPass, Monahan recommends you file an Internet Crime Complaint Center (IC3) report immediately.