LastPass security breach linked to a string of crypto heists

 An illustration of Bitcoin with a financial value graph
An illustration of Bitcoin with a financial value graph

Six-figure cryptocurrency heists have reportedly been taking place on a monthly basis since late last year, with experts now attributing the action to the December 2022 LastPass breach.

LastPass CEO Karim Toubba has already disclosed and actioned plans to reduce the likelihood of future attacks, but for some high-net-worth individuals who trusted the platform, it could be too late.

The news comes from software cryptocurrency wallet MetaMask’s lead product manager Taylor Monahan, who noted a connection between the victims of both the LastPass breach and the crypto heists.

Is LastPass to blame for crypto theft?

Monahan and other researchers have identified clues dating back to December 2022 when the breach occurred, linking the more than 150 crypto heist victims to the LastPass incident. The total value of cryptocurrency stolen reportedly stands at more than $35 million.

Given how much money the victims had put aside in cryptocurrency, it’s unsurprising that Monahan noted their healthy account security. However, that was not enough to deter criminals who seem to have gotten their hands on the seed phrases used to unlock accounts, which were stored in the popular password manager.

According to the research put together by cybersecurity blogger Brian Krebs, between two and five “high-dollar heists” have occurred each month since the breach.

Krebs added: “LastPass declined to answer questions about the research highlighted in this story, citing an ongoing law enforcement investigation and pending litigation against the company in response to its 2022 data breach.”

Karim Toubba added: "Since last year’s attack on LastPass, we have remained in contact with law enforcement and continue to do so. We have shared various technical information, Indicators of Compromise (IOCs), and threat actor tactics, techniques, and procedures (TTPs) with our law enforcement contacts as well as our internal and external threat intelligence and forensic partners in an effort to try and help identify the parties responsible. Last year’s incident remains the subject of an ongoing investigation by law enforcement and is also the subject of pending litigation. In the meantime, we encourage any security researchers to share any useful information they believe they may have with our Threat Intelligence team by contacting"

Those concerned about account security should consider setting up additional protective measures like two-factor authentication, as well as refraining from storing all account information in one place.

Finally, all Internet users should be cautious of phishing scams: if in doubt, revisit the webpage from a genuine URL rather than following a link in an email.

More from TechRadar Pro