A String of CryptoWallet Thefts Points to Cracked LastPass Vaults
Category: Application & User Security | Industry: Technology | Source: Brian Krebs
Following the LastPass data breach in November 2022, security researchers have found evidence indicating that threat actors have successfully gained access to the compromised vaults. Investigative journalist Brian Krebs delves into these developments, with a focus on the compromise of cryptocurrency wallets. Krebs highlights the observations of MetaMask's product manager, Taylor Monahan, who began reporting a surge in compromised cryptowallets owned by security-conscious individuals starting in March 2023. Monahan's August 28th post describes these victims as "employees of reputable crypto orgs, VCs, people who build DeFi protocols, deploy contracts, run full nodes and have ENS names," providing insight into a community deeply rooted in security awareness.
Nick Bax, the director of analytics at Unciphered, supports Taylor Monahan's findings and conclusions. "The threat actor moved stolen funds from multiple victims to the same blockchain addresses, making it possible to strongly link those victims," Bax explains. In interviews with security researchers including Bax and Monahan, Krebs gained insight into "a unique signature that links the theft of more than $35 million in crypto from more than 150 confirmed victims, with roughly two to five high-dollar heists happening each month since December 2022." However, at the behest of the security researchers, Krebs opted not to release details of the signature, so as not to tip off the attackers and prompt them to alter their procedures.
One anonymous victim revealed to Krebs that he had lost a total of $3.4 million in various cryptocurrencies. Security researchers urge LastPass users to change all passwords they had stored in LastPass. Attackers with a copy of the encrypted vault can conduct offline attacks, running unlimited brute-force attempts to gain access to the compromised vaults. Neither Taylor Monahan nor Nick Bax could fully attribute the series of compromised cryptowallets to LastPass. However, Bax points out the risk of not making that attribution. “I’m confident enough that this is a real problem that I’ve been urging my friends and family who use LastPass to change all of their passwords and migrate any crypto that may have been exposed, despite knowing full well how tedious that is,” Bax said. Krebs reached out to LastPass, but the password security firm refused to provide a response to the research, citing its ongoing investigation with law enforcement.