The fallout from the LastPass data compromise in 2022 appears to be ongoing as a new investigation claims to have uncovered $5 million in cryptocurrency theft from LastPass users across Dec. 16 and 17. Here’s what we know so far.
LastPass Hackers Use Stolen Passwords To Raid Users’ Crypto Accounts—Investigator Said
A blockchain crypto investigator has claimed that hackers using data stolen in the 2022 LastPass compromise have this week taken more than $5 million in cryptocurrency from LastPass users. The investigator, known as ZachXBT, is reported by The Block to have said in a Telegram post that $5.36 million was stolen from more than 40 victims. “Stolen funds were swapped for ETH and transferred to various instant exchanges from Ethereum to Bitcoin,” ZachXBT wrote, referring to the attacker as the LastPass threat actor.
ZachXBT has previously posted to X urging crypto users: “If you believe you may have ever stored your seed phrase or keys in LastPass, migrate your crypto assets immediately.” However, there have been no new postings to X regarding the alleged thefts and the 2022 LastPass security incident.
The LastPass Response
“A year has passed since initial claims surfaced alleging a link between certain cryptocurrency thefts and the 2022 LastPass security incidents,” LastPass chief secure technology officer Christofer Hoff said in a statement. “In that time, LastPass has investigated these claims and to date is not aware of any conclusive evidence that directly connects these crypto thefts to LastPass. Because we take any claims regarding the security of LastPass and our customers seriously, we continue to invite any security researchers who believe they may have evidence to contact the LastPass Threat Intelligence team at [email protected].”
The 2022 LastPass Data Compromise Incident
The 2022 data breach appeared at the time to be an incident involving the development servers, facilitated by the compromise of a LastPass developer account. Initially, LastPass CEO Karim Toubba said that just “portions of source code and some proprietary LastPass technical information” was accessed.
However, after four months of investigation, Toubba confirmed that the hacker had been able to “access and decrypt some storage volumes” from a third-party cloud-based storage service, physically separate from the LastPass production environment. The problem was that this service was used to store backups, including backups of customer vault data. At the time, Toubba said that while LastPass’ Zero Knowledge architecture meant sensitive vault data, including site passwords, was safely encrypted, users with weak master passwords “should consider minimizing risk by changing passwords of websites you have stored.”
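The point Toubba’s advice rests on is that a stolen encrypted vault backup can be attacked offline, so its safety depends on how long the master password resists guessing under the client-side key derivation. The Python below is added here as an illustration of that trade-off; it is not code from LastPass or from the article. PBKDF2-HMAC-SHA256 as the derivation function, the salt, the iteration counts, the attacker throughput figure and the one-year horizon are all assumptions chosen for the example, not figures the article states.

```python
import hashlib
import math

# Constructed salt for the example; a real vault uses a per-user salt.
SALT = b"constructed-salt-for-illustration"

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_vault_key(master_password: str, iterations: int, salt: bytes = SALT) -> bytes:
    """Client-side key derivation of the kind a zero-knowledge vault relies on.

    PBKDF2-HMAC-SHA256 is assumed here. Only the derived key (or something
    derived from it) leaves the client; the master password never does, which
    is why a stolen backup can only be attacked by guessing the password.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def password_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password chosen uniformly from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def expected_offline_guess_seconds(
    entropy_bits: float, iterations: int, hmac_per_second: float
) -> float:
    """Expected time for someone holding a stolen encrypted vault to find the
    master password by offline guessing.

    On average half the keyspace is searched, and every guess costs
    `iterations` HMAC evaluations, so raising the iteration count slows the
    attacker linearly while a stronger password slows them exponentially.
    `hmac_per_second` is the attacker's total HMAC-SHA256 throughput and is
    a constructed assumption, not a measured figure.
    """
    guesses_per_second = hmac_per_second / iterations
    return (2 ** (entropy_bits - 1)) / guesses_per_second


def should_rotate_stored_passwords(
    entropy_bits: float,
    iterations: int,
    hmac_per_second: float = 1e10,
    horizon_years: float = 1.0,
) -> bool:
    """Defender-side decision: if the expected offline guessing time falls
    inside the planning horizon, treat the vault contents as exposed and
    rotate the site passwords it held, as the LastPass advice suggests."""
    seconds = expected_offline_guess_seconds(entropy_bits, iterations, hmac_per_second)
    return seconds < horizon_years * SECONDS_PER_YEAR


if __name__ == "__main__":
    # Constructed example iteration count for the client-side KDF.
    iterations = 100_100
    weak = password_entropy_bits(26, 8)        # 8 lowercase letters
    strong = password_entropy_bits(7776, 5)    # 5 random words from a 7776-word list
    for label, bits in (("8 lowercase letters", weak), ("5 random words", strong)):
        days = expected_offline_guess_seconds(bits, iterations, 1e10) / 86400
        print(f"{label}: {bits:.1f} bits, ~{days:,.0f} days to guess, "
              f"rotate={should_rotate_stored_passwords(bits, iterations)}")
```

The model deliberately ignores dictionary and pattern attacks, which only make a weak master password fall faster; it gives an optimistic lower bound on how long a stolen vault holds out, which is the right bound for deciding whether stored site passwords need rotating.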
That would now appear to have been very sage advice for LastPass users.