
Cybersecurity experts claim LastPass security breach led to a wave of crypto thefts


LastPass had a rough year last year, thanks in part to the security breach that granted threat actors access to the company’s source code and valuable user data. However, just when we thought the whole LastPass fiasco was behind us, recent reports indicate that last year’s security breach has led to the compromise of over 150 cryptocurrency investors’ assets, resulting in a series of high-value crypto heists.

As explained by cybersecurity blogger Brian Krebs, numerous security researchers have uncovered a trail of evidence seemingly connecting victims of crypto theft with the LastPass service. To make matters worse, threat actors have successfully siphoned off over $35 million in cryptocurrency to date.


Furthermore, another analyst, Tay, who created a graph documenting crypto thefts over the past six months, spanning from December 2022 to July 2023, stated, “I’m confident in saying that, in most of these cases, the compromised keys were stolen from @LastPass.”

Possible implications

While it is impossible to verify these claims with absolute certainty, Taylor Monahan, product manager at the cryptocurrency wallet MetaMask, who has been actively investigating the matter, argues that their findings indicate that a majority of the crypto theft victims stored their “seed phrase,” a private digital key crucial for accessing cryptocurrency investments, in LastPass. Furthermore, the consistent funnelling of stolen funds to the same blockchain addresses by threat actors has strengthened these claims.

Therefore, if these allegations hold true, two disconcerting possibilities arise: either threat actors used an undisclosed method to individually compromise hundreds of users’ vaults, or LastPass has not fully disclosed critical details concerning the breach.

What does LastPass have to say?

In response, LastPass CEO Karim Toubba stated, “Since last year’s attack on LastPass, we have maintained contact with law enforcement, sharing various technical information, Indicators of Compromise (IOCs), and threat actor tactics, techniques, and procedures (TTPs) with our law enforcement contacts, as well as with our internal and external threat intelligence and forensic partners, in an effort to help identify the responsible parties. We have no further updates to share at this time.”