LastPass Leak Tied to $35M Crypto Thefts

LastPass, a popular password management tool, is under the spotlight after evidence emerged linking its 2022 breaches to multiple cryptocurrency thefts totaling over $35 million. Brian Krebs, a renowned cybersecurity blogger, cites researchers who have found that over 150 crypto theft victims were likely using LastPass to safeguard their critical access keys.

Taylor Monahan of MetaMask, actively probing the incidents, discovered that these victims stored their cryptocurrency “seed phrase” (a private access key) in LastPass. Moreover, the pilfered crypto was tracked to identical blockchain addresses, establishing a stronger connection between the victims.

LastPass had previously announced two breaches in 2022; the second appeared to use data taken in the first to access cloud backups of user encryption keys.

While we await LastPass’s confirmation on the cracked vaults, CEO Karim Toubba told The Verge that the November breach is under both legal scrutiny and law enforcement investigation. As of now, LastPass hasn't explicitly linked the thefts to its security lapses.

Nick Bax from Unciphered, after studying the theft, echoed Monahan's findings and cautioned his acquaintances to update their LastPass credentials and secure any exposed cryptocurrency.

Posted: 2023-09-11
