The fallout from the LastPass data breach in 2022 appears to be continuing as a new investigation has reportedly uncovered a $5 million cryptocurrency theft from LastPass users during December 16-17. Here’s what we know so far.
Investigators say LastPass hackers are using stolen passwords to raid users’ crypto accounts
A blockchain crypto investigator has claimed that hackers stole more than $5 million in cryptocurrencies from LastPass users this week using data stolen as a result of the 2022 LastPass compromise. The investigator, known as ZachXBT, reportedly said in a Telegram post that $5.36 million was stolen from over 40 victims, according to The Block. “Stolen funds were exchanged for ETH and transferred from Ethereum to Bitcoin on various instant exchanges,” ZachXBT wrote, referring to the attacker as the LastPass threat actor.
ZachXBT has previously posted on X; however, there were no new posts there about the alleged thefts and the 2022 LastPass security incident.
The LastPass answer
“It has been a year since allegations first emerged alleging a connection between certain cryptocurrency thefts and the 2022 LastPass security incidents,” LastPass Chief Secure Technology Officer Christofer Hoff said in a statement. “LastPass has since investigated these claims and is not aware of any conclusive evidence directly linking these crypto thefts to LastPass. Because we take all claims regarding the security of LastPass and our customers seriously, we continue to invite any security researchers who believe they have evidence to contact the LastPass Threat Intelligence team at securitydisclosure@lastpass.com.”
The 2022 LastPass data compromise incident
The 2022 data breach appeared at the time to have been an incident that affected the development servers and was facilitated by the compromise of a LastPass developer account. Initially, LastPass CEO Karim Toubba said that only “parts of the source code and some proprietary technical information of LastPass” were accessed.
However, after four months of investigation, Toubba confirmed that the hacker was “able to access and decrypt some storage volumes” through a third-party cloud-based storage service that was physically separate from the LastPass production environment. The problem was that this service was used to store backups, including backups of customer vault data. At the time, Toubba said that while LastPass’s zero-knowledge architecture meant that sensitive vault data, including website passwords, would be securely encrypted, users with weak master passwords should “consider minimizing risk by protecting the passwords of the vault” and “change the websites you have saved.”
Now that seems to have been very wise advice for LastPass users.