LastPass passwords used in crypto thefts

Share post:

Security experts are warning LastPass users that their passwords may have been used in a string of cryptocurrency thefts.

The experts say that hackers have cracked open some of the password vaults stolen during a security breach at LastPass in late 2022. This has allowed them to access the “seed phrases” of victims, which are private digital keys that are required to access cryptocurrency investments.

Collectively, over $35 million in crypto has reportedly been stolen so far. The thefts have occurred in batches of two to five high-value heists each month since December 2022.

Taylor Monahan, lead product manager at MetaMask, is at the forefront of the investigation. She observes that the victims’ link is not only their reliance on LastPass but also the suspicious movement of stolen funds to identical blockchain addresses. Nick Bax, director of analytics at Unciphered, echoes Monahan’s concerns, urging LastPass users to take action, emphasizing the gravity of the situation.

The common thread connecting the victims is that they had previously used LastPass to store their seed phrases. These keys are often stored on encrypted services like password managers to prevent bad actors from gaining access to crypto wallets.

LastPass has not confirmed whether any of the stolen password vaults have been cracked. However, the company says that it is “aware of the reports” and is “investigating the matter.”

The sources for this piece include an article in TheVerge.


Related articles

Cyber Security Today, May 29, 2024 – A new North Korean ransomware gang spotted, and more

A new North Korean ransomware gang spotted, and more Welcome to Cyber Security Today. It's Wednesday, May 29th, 2024....

Microsoft tries to regain trust of government cybersecurity leadership

Microsoft has embarked on an aggressive campaign to restore and enhance its cybersecurity image and regain trust within...

London Drugs refuses to pay ransom – corporate data is leaked

London Drugs, a prominent Canadian retailer, has confirmed a data breach involving sensitive corporate head office files, following...

Cyber Security Today, May 27, 2024 – Security controversy over a new Microsoft tool, a new open source threat intelligence service, and more

Security controversy over a new Microsoft tool, a new open-source threat intelligence service, and more. Welcome to Cyber Security...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways