Hackers Steal $4.4 Million in Cryptocurrency Using LastPass Data

On October 25th, hackers stole $4.4 million in cryptocurrency by getting hold of private keys and passphrases stored in stolen LastPass databases. This information was discovered by crypto researchers ZachXBT and Taylor Monahan, who have been investigating similar crypto thefts.

They have found a common factor among victims: they all used LastPass for managing their passwords. In 2022, LastPass experienced two security breaches. During these breaches, attackers accessed source code, customer data, and cloud backups, which included encrypted password vaults. LastPass assured its customers that their vaults were secure as long as they had strong master passwords.

However, those with weaker passwords were advised to reset them because they were more vulnerable to being cracked by specialized programs. Monahan and ZachXBT suspect that the hackers are decrypting the stolen password vaults to access cryptocurrency wallet passphrases, credentials, and private keys. With this information, the hackers can move the funds into their own wallets.

Research suggests that these attackers may be responsible for more than $35 million in crypto thefts. Therefore, it is crucial for LastPass users who had accounts during the August and December 2022 breaches to reset all their passwords, including the master password.

Source: Bleeping Computer