LastPass users have fallen victim to a series of cryptocurrency thefts, with hackers allegedly stealing $5.36 million within just two days this month. The attacks, which took place on December 16 and 17, are believed to be linked to the 2022 LastPass security breach that compromised user data. According to blockchain crypto investigator ZachXBT, the stolen funds were taken from over 40 victims and swapped for Ethereum before being transferred to various instant exchanges and converted to Bitcoin.
In a Telegram post, ZachXBT referred to the attacker as the “LastPass threat actor” and advised crypto users to “migrate your crypto assets immediately” if they had ever stored their seed phrase or keys in LastPass. Christofer Hoff, LastPass Chief Secure Technology Officer, responded to the allegations, stating that the company has investigated claims linking certain cryptocurrency thefts to the 2022 security incidents but has not found “any conclusive evidence that directly connects these crypto thefts to LastPass.” Hoff added that LastPass continues to invite security researchers with potential evidence to contact their Threat Intelligence team.
LastPass theft linked to crypto heist
The 2022 LastPass breach involved the compromise of a developer account, which allowed hackers to access the company’s development servers. Initially, LastPass CEO Karim Toubba reported that only portions of source code and some proprietary technical information were accessed. However, after a four-month investigation, it was revealed that the hacker had also accessed and decrypted some storage volumes from a third-party cloud-based storage service, which included backups of customer vault data.
Although LastPass employs a Zero Knowledge architecture to encrypt sensitive vault data, including site passwords, Toubba advised users with weak master passwords to change their website passwords as a precautionary measure. The ongoing fallout from the 2022 LastPass breach emphasizes the importance of strong, unique passwords and robust security practices for users of password management services. As investigations continue, affected users are urged to take steps to safeguard their assets and remain vigilant about their personal data security.
