Suspected LastPass Breach Leads to $32 Million Crypto Heist

Attackers have targeted high-net-worth crypto users across various blockchains and wallets, but the precise vulnerability remains a mystery.

Illustration: Guy with a massive key at the storage unit. Created by Kornelija Poderskytė from DailyCoin.
  • The source of the wallet drains remains a mystery.
  • MetaMask worker highlights the commonality of LastPass use among victims.
  • LastPass suffered two major security breaches since last year.

Cryptocurrency hacks have established themselves as the bane of the industry. Besides leaving victims with little chance of recovering their funds, they continue to damage the reputation of an industry plagued by mistrust. In one such slight against digital assets, a string of recent wallet hacks has been puzzling investigators, but after extended scrutiny, LastPass has been implicated.  

Ongoing Crypto Draining Operation 

Crypto security experts suspect LastPass is the source of a hacking spree that has netted criminals an estimated $32 million in crypto assets. 

Since December 2022, the Lead Product Manager at MetaMask, Taylor Monahan, has been investigating a “massive wallet draining operation” that managed to snare “OGs” and crypto-savvy victims. The source of the vulnerability remains a mystery, but Monahan named LastPass as a possible cause in an August 28 tweet.

Updating the crypto community on her months-long investigation, Monahan confirmed that an additional 100+ victims had been affected since going public with the incident in April. Moreover, the hacker(s) continue(s) to target large accounts only, with the average amount stolen per victim weighing in at $300k+.

Monahan stated that victims used a multitude of key types, wallets, and blockchains, so the vulnerability is not tied to any one specific wallet or blockchain. Despite the seemingly uncorrelated facts, Monahan discovered that many victims used LastPass to store private keys and seeds.

“The number of victims who only had the specific group of seeds/keys that were drained stored in LastPass is simply too much to ignore,” Monahan said.

Monahan went on to highlight that LastPass suffered a data breach in 2022. She questioned whether hackers stole keys and seeds from this breach or whether the vulnerability lies with an unknown mechanism via the program on individuals’ devices. Venting her frustration, she accused LastPass of dragging their feet.

LastPass Responds

Computer security blog KrebsOnSecurity picked up on the story, inviting LastPass to comment. The company declined to answer specific questions about the incident or prior data breaches owing to pending litigation and ongoing investigations by law enforcement.

Nonetheless, LastPass affirmed that it is cooperating with various entities connected with catching those responsible for the data breach.

“We have shared various technical information, Indicators of Compromise (IOCs), and threat actor tactics, techniques, and procedures (TTPs) with our law enforcement contacts as well as our internal and external threat intelligence and forensic partners in an effort to try and help identify the parties responsible,” a statement from LastPass read.

LastPass suffered a data breach in August 2022 after an engineer’s corporate laptop was compromised, giving attackers unauthorized access to the company cloud. In December 2022, the company notified users of a second incident tied to an information leak from the prior breach. This enabled attackers to exploit “vulnerable third-party software” and introduce malware into the company’s network.

Both incidents saw the attacker access company data, such as software repositories, internal scripts and documents, and, more significantly, “sensitive customer vault data.”

On the Flipside

  • Correlation is not causation, and the evidence against LastPass remains circumstantial.
  • Security experts emphasize the importance of proper password management, such as regularly changing and using different access keys.
  • Hot systems are considered highly vulnerable to knowledgeable hackers.

Why This Matters 

Continued exploits in the cryptocurrency sector have damaged the industry’s reputation. With new attacks being revealed daily, crypto risks remaining a fringe option unless more security measures are introduced to address the problem.


Author
Samuel Wan

Samuel Wan is a reporter at DailyCoin covering market affairs. Samuel has holdings in Bitcoin and Cardano, with other minor holdings across the market.
