LastPass hackers claimed to have stolen $5 million in two days this month
The fallout from the LastPass data compromise in 2022 appears to continue as a new investigation claims to have uncovered $5 million in cryptocurrency theft from LastPass users on December 16-17. Here’s what we know so far.
LastPass Hackers Use Stolen Passwords to Attack Users’ Crypto Accounts, Investigator Says
A blockchain cryptocurrency investigator has claimed that hackers using data stolen from the 2022 LastPass compromise stole more than $5 million in cryptocurrency from LastPass users this week. The investigator, known as ZachXBT, is reported by The Block as having said, in a message posted on Telegram, that $5.36 million had been stolen from more than 40 victims. “The stolen funds were exchanged for ETH and transferred to various instant exchanges from Ethereum to Bitcoin,” ZachXBT wrote, naming the attacker as the LastPass threat actor.
ZachXBT has previously posted on X urging crypto users: “If you think you have already stored your seed phrase or keys in LastPass, migrate your crypto assets immediately.” However, no new posts have been made on X regarding the alleged thefts and the 2022 LastPass security incident.
The LastPass response
“A year has passed since initial allegations surfaced alleging a link between certain cryptocurrency thefts and the LastPass security incidents of 2022,” Christofer Hoff, LastPass’ director of secure technology, said in a statement. “During this time, LastPass has investigated these allegations and, to date, is not aware of any conclusive evidence directly linking these crypto thefts to LastPass. complaint regarding the security of LastPass and our customers, we continue to invite any security researchers who believe they may have evidence to contact the LastPass Threat Intelligence team at securitydisclosure@lastpass.com.”
The 2022 LastPass data compromise incident
The 2022 data breach appeared at the time to have been an incident involving the development servers and facilitated by the compromise of a LastPass developer account. Initially, Karim Toubba, CEO of LastPass, said that only “portions of the source code and certain proprietary technical information of LastPass” were viewed.
However, after four months of investigation, Toubba confirmed that the hacker was able to “access and decrypt certain storage volumes” from a third-party cloud-based storage service, physically separated from the LastPass production environment. The problem was that this service was used to store backups, including backups of customers’ vault data. At the time, Toubba said that while LastPass’ Zero Knowledge architecture meant sensitive data in the vault, including site passwords, was securely encrypted, users with weak master passwords “should consider minimizing risks by changing website passwords you have stored.”
This now appears to have been very sound advice for LastPass users.