Suspected LastPass Breach Leads to $32 Million Crypto Heist

Attackers have targeted high-net-worth crypto users across various blockchains and wallets, but the precise vulnerability remains a mystery.

  • The source of the wallet drains remains a mystery.
  • MetaMask worker highlights the commonality of LastPass use among victims.
  • LastPass has suffered two major security breaches since last year.

Cryptocurrency hacks have established themselves as the bane of the industry. Besides leaving victims with little chance of recovering their funds, they continue to damage the reputation of an industry plagued by mistrust. In one such case, a string of recent wallet hacks has been puzzling investigators, but after extended scrutiny, LastPass has been implicated.

Ongoing Crypto Draining Operation 

Crypto security experts suspect LastPass is the source of a hacking spree that has netted criminals an estimated $32 million in crypto assets. 

Since December 2022, the Lead Product Manager at MetaMask, Taylor Monahan, has been investigating a “massive wallet draining operation” that managed to snare “OGs” and crypto-savvy victims. The source of the vulnerability remains a mystery, but Monahan named LastPass as a possible cause in an August 28 tweet.

Updating the crypto community on her months-long investigation, Monahan confirmed that an additional 100+ victims had been affected since she went public with the incident in April. Moreover, the hacker(s) continue(s) to target large accounts only, with the average amount stolen per victim weighing in at $300k+.

Monahan stated that victims used a multitude of key types, wallets, and blockchains, so the vulnerability is not tied to any one specific wallet or blockchain. Despite the seemingly uncorrelated facts, Monahan discovered that many victims used LastPass to store private keys and seeds.

“The number of victims who only had the specific group of seeds/keys that were drained stored in LastPass is simply too much to ignore,” Monahan said.

Monahan went on to highlight that LastPass suffered a data breach in 2022. She questioned whether hackers stole keys and seeds from this breach or whether the vulnerability lies with an unknown mechanism via the program on individuals’ devices. Venting her frustration, she accused LastPass of dragging their feet.

LastPass Responds

Computer security blog KrebsOnSecurity picked up on the story, inviting LastPass to comment. The company declined to answer specific questions about the incident or prior data breaches owing to pending litigation and ongoing investigations by law enforcement.

Nonetheless, LastPass affirmed that it is cooperating with various entities connected with catching those responsible for the data breach.

“We have shared various technical information, Indicators of Compromise (IOCs), and threat actor tactics, techniques, and procedures (TTPs) with our law enforcement contacts as well as our internal and external threat intelligence and forensic partners in an effort to try and help identify the parties responsible,” a statement from LastPass read.

LastPass suffered a data breach in August 2022 after an engineer’s corporate laptop was compromised, giving attackers unauthorized access to the company cloud. In December 2022, the company notified users of a second incident tied to an information leak from the prior breach. This enabled attackers to exploit “vulnerable third-party software” and introduce malware into the company’s network.

Both incidents saw the attacker access company data, such as software repositories, internal scripts and documents, and, more significantly, “sensitive customer vault data.”

On the Flipside

  • Correlation is not causation, and the evidence against LastPass remains circumstantial.
  • Security experts emphasize the importance of proper password management, such as regularly changing and using different access keys.
  • Hot systems are considered highly vulnerable to knowledgeable hackers.

Why This Matters 

Continued exploits in the cryptocurrency sector have damaged the industry’s reputation. With new attacks being revealed daily, crypto risks remaining a fringe option unless more security measures are introduced to address the problem.


Samuel Wan
